From 227586e09af8c1ad1466a72078e5644d8368797f Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieterlexis@users.noreply.github.com>
Date: Thu, 29 Jun 2017 15:04:14 +0200
Subject: [PLT-5639] Show a message when invited addresses are blocked (#6691)

* Show a message when invited addresses are blocked

When using the "Send Email Invite" functionality. Emails were sent to
domains that were not on the `RestrictCreationToDomains` list. This
would lead to users getting a message that they can't create an account
if they follow the link in the email.

This commit will check the email addresses before the mails are sent and
warn the user typing them in which ones are blocked.

* Add unit test for domain restrictions on invite

* Invite Member: Clear serverError on toggle
---
 api4/team_test.go                         | 16 +++++++++++++++
 app/team.go                               | 33 ++++++++++++++++++++++++-------
 i18n/en.json                              |  4 ++++
 webapp/components/invite_member_modal.jsx |  3 ++-
 4 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/api4/team_test.go b/api4/team_test.go
index e62790173..665db95f5 100644
--- a/api4/team_test.go
+++ b/api4/team_test.go
@@ -1449,6 +1449,22 @@ func TestInviteUsersToTeam(t *testing.T) {
 			}
 		}
 	}
+
+	restrictCreationToDomains := utils.Cfg.TeamSettings.RestrictCreationToDomains
+	defer func() {
+		utils.Cfg.TeamSettings.RestrictCreationToDomains = restrictCreationToDomains
+	}()
+	utils.Cfg.TeamSettings.RestrictCreationToDomains = "@example.com"
+
+	err := app.InviteNewUsersToTeam(emailList, th.BasicTeam.Id, th.BasicUser.Id)
+
+	if err == nil {
+		t.Fatal("Adding users with non-restricted domains was allowed")
+	}
+	if err.Where != "InviteNewUsersToTeam" || err.Message != "api.team.invite_members.invalid_email.app_error" {
+		t.Log(err)
+		t.Fatal("Got wrong error message!")
+	}
 }
 
 func TestGetTeamInviteInfo(t *testing.T) {
diff --git a/app/team.go b/app/team.go
index 94523f8b5..be15b8a39 100644
--- a/app/team.go
+++ b/app/team.go
@@ -55,13 +55,8 @@ func CreateTeamWithUser(team *model.Team, userId string) (*model.Team, *model.Ap
 	return rteam, nil
 }
 
-func isTeamEmailAllowed(user *model.User) bool {
-	email := strings.ToLower(user.Email)
-
-	if len(user.AuthService) > 0 && len(*user.AuthData) > 0 {
-		return true
-	}
-
+func isTeamEmailAddressAllowed(email string) bool {
+	email = strings.ToLower(email)
 	// commas and @ signs are optional
 	// can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org
 	domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1))))
@@ -81,6 +76,16 @@ func isTeamEmailAllowed(user *model.User) bool {
 	return true
 }
 
+func isTeamEmailAllowed(user *model.User) bool {
+	email := strings.ToLower(user.Email)
+
+	if len(user.AuthService) > 0 && len(*user.AuthData) > 0 {
+		return true
+	}
+
+	return isTeamEmailAddressAllowed(email)
+}
+
 func UpdateTeam(team *model.Team) (*model.Team, *model.AppError) {
 	var oldTeam *model.Team
 	var err *model.AppError
@@ -621,6 +626,20 @@ func InviteNewUsersToTeam(emailList []string, teamId, senderId string) *model.Ap
 		return err
 	}
 
+	var invalidEmailList []string
+
+	for _, email := range emailList {
+		if ! isTeamEmailAddressAllowed(email) {
+			invalidEmailList = append(invalidEmailList, email)
+		}
+	}
+
+	if len(invalidEmailList) > 0 {
+		s := strings.Join(invalidEmailList, ", ")
+		err := model.NewAppError("InviteNewUsersToTeam", "api.team.invite_members.invalid_email.app_error", map[string]interface{}{"Addresses": s}, "", http.StatusBadRequest)
+		return err
+	}
+
 	tchan := Srv.Store.Team().Get(teamId)
 	uchan := Srv.Store.User().Get(senderId)
 
diff --git a/i18n/en.json b/i18n/en.json
index a2d1637a3..6371522a4 100644
--- a/i18n/en.json
+++ b/i18n/en.json
@@ -2131,6 +2131,10 @@
     "id": "api.team.invite_members.send.error",
     "translation": "Failed to send invite email successfully err=%v"
   },
+  {
+    "id": "api.team.invite_members.invalid_email.app_error",
+    "translation": "The following email addresses do not belong to an accepted domain: {{.Addresses}}. Please contact your System Administrator for details."
+  },
   {
     "id": "api.team.invite_members.sending.info",
     "translation": "sending invitation to %v %v"
diff --git a/webapp/components/invite_member_modal.jsx b/webapp/components/invite_member_modal.jsx
index 1e500115d..07aa9a1a3 100644
--- a/webapp/components/invite_member_modal.jsx
+++ b/webapp/components/invite_member_modal.jsx
@@ -97,7 +97,8 @@ class InviteMemberModal extends React.Component {
 
     handleToggle(value) {
         this.setState({
-            show: value
+            show: value,
+            serverError: null
         });
     }
 
-- 
cgit v1.2.3-1-g7c22