summaryrefslogtreecommitdiffstats
path: root/api/team.go
diff options
context:
space:
mode:
Diffstat (limited to 'api/team.go')
-rw-r--r--api/team.go118
1 files changed, 117 insertions, 1 deletions
diff --git a/api/team.go b/api/team.go
index 8587a6de4..e34b3a610 100644
--- a/api/team.go
+++ b/api/team.go
@@ -23,6 +23,7 @@ func InitTeam(r *mux.Router) {
sr := r.PathPrefix("/teams").Subrouter()
sr.Handle("/create", ApiAppHandler(createTeam)).Methods("POST")
sr.Handle("/create_from_signup", ApiAppHandler(createTeamFromSignup)).Methods("POST")
+ sr.Handle("/create_with_sso/{service:[A-Za-z]+}", ApiAppHandler(createTeamFromSSO)).Methods("POST")
sr.Handle("/signup", ApiAppHandler(signupTeam)).Methods("POST")
sr.Handle("/find_team_by_name", ApiAppHandler(findTeamByName)).Methods("POST")
sr.Handle("/find_teams", ApiAppHandler(findTeams)).Methods("POST")
@@ -35,6 +36,11 @@ func InitTeam(r *mux.Router) {
}
func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("signupTeam", "Team sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
m := model.MapFromJson(r.Body)
email := strings.ToLower(strings.TrimSpace(m["email"]))
@@ -44,6 +50,10 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ if !isTreamCreationAllowed(c, email) {
+ return
+ }
+
subjectPage := NewServerTemplatePage("signup_team_subject", c.GetSiteURL())
bodyPage := NewServerTemplatePage("signup_team_body", c.GetSiteURL())
bodyPage.Props["TourUrl"] = utils.Cfg.TeamSettings.TourLink
@@ -70,7 +80,70 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
w.Write([]byte(model.MapToJson(m)))
}
+func createTeamFromSSO(c *Context, w http.ResponseWriter, r *http.Request) {
+ params := mux.Vars(r)
+ service := params["service"]
+
+ if !utils.IsServiceAllowed(service) {
+ c.SetInvalidParam("createTeamFromSSO", "service")
+ return
+ }
+
+ team := model.TeamFromJson(r.Body)
+
+ if team == nil {
+ c.SetInvalidParam("createTeamFromSSO", "team")
+ return
+ }
+
+ team.PreSave()
+
+ team.Name = model.CleanTeamName(team.Name)
+
+ if err := team.IsValid(); err != nil {
+ c.Err = err
+ return
+ }
+
+ team.Id = ""
+
+ found := true
+ count := 0
+ for found {
+ if found = FindTeamByName(c, team.Name, "true"); c.Err != nil {
+ return
+ } else if found {
+ team.Name = team.Name + strconv.Itoa(count)
+ count += 1
+ }
+ }
+
+ team.AllowValet = utils.Cfg.TeamSettings.AllowValetDefault
+
+ if result := <-Srv.Store.Team().Save(team); result.Err != nil {
+ c.Err = result.Err
+ return
+ } else {
+ rteam := result.Data.(*model.Team)
+
+ if _, err := CreateDefaultChannels(c, rteam.Id); err != nil {
+ c.Err = nil
+ return
+ }
+
+ data := map[string]string{"follow_link": c.GetSiteURL() + "/" + rteam.Name + "/signup/" + service}
+ w.Write([]byte(model.MapToJson(data)))
+
+ }
+
+}
+
func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("createTeamFromSignup", "Team sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
teamSignup := model.TeamSignupFromJson(r.Body)
@@ -89,6 +162,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
c.Err = err
return
}
+
+ if !isTreamCreationAllowed(c, teamSignup.Team.Email) {
+ return
+ }
+
teamSignup.Team.Id = ""
password := teamSignup.User.Password
@@ -161,6 +239,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
}
func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
+ if !utils.Cfg.ServiceSettings.AllowEmailSignUp {
+ c.Err = model.NewAppError("createTeam", "Team sign-up with email is disabled.", "")
+ c.Err.StatusCode = http.StatusNotImplemented
+ return
+ }
team := model.TeamFromJson(r.Body)
@@ -169,6 +252,10 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ if !isTreamCreationAllowed(c, team.Email) {
+ return
+ }
+
if utils.Cfg.ServiceSettings.Mode != utils.MODE_DEV {
c.Err = model.NewAppError("createTeam", "The mode does not allow network creation without a valid invite", "")
return
@@ -181,7 +268,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
rteam := result.Data.(*model.Team)
if _, err := CreateDefaultChannels(c, rteam.Id); err != nil {
- c.Err = nil
+ c.Err = err
return
}
@@ -196,6 +283,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
}
}
+func isTreamCreationAllowed(c *Context, email string) bool {
+
+ email = strings.ToLower(email)
+
+ if utils.Cfg.TeamSettings.DisableTeamCreation {
+ c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "")
+ return false
+ }
+
+ // commas and @ signs are optional
+ // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org
+ domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1))))
+
+ matched := false
+ for _, d := range domains {
+ if strings.HasSuffix(email, "@"+d) {
+ matched = true
+ break
+ }
+ }
+
+ if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched {
+ c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "")
+ return false
+ }
+
+ return true
+}
+
func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
m := model.MapFromJson(r.Body)
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-09-07 15:59:34 +0000