From 67bc12e4b72960ce5413a6267f11d505d581f1e7 Mon Sep 17 00:00:00 2001
From: =Corey Hulen
Date: Tue, 25 Aug 2015 14:40:16 -0700
Subject: Fixes PL-3 Restrict team creation to specific domains
---
 api/team.go | 45 ++++++++++++++++++++++++++++++++++---------
 config/config.json | 3 ++-
 docker/0.6/config_docker.json | 3 ++-
 utils/config.go | 23 +++++++++++-----------
 4 files changed, 52 insertions(+), 22 deletions(-)
diff --git a/api/team.go b/api/team.go
index 2d60707bb..10bdafcf0 100644
--- a/api/team.go
+++ b/api/team.go
@@ -44,8 +44,7 @@ func signupTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if utils.Cfg.TeamSettings.DisableTeamCreation {
- c.Err = model.NewAppError("createTeamFromSignup", "Team creation has been disabled. Please ask your systems administrator for details.", "")
+ if !isTreamCreationAllowed(c, email) {
 return
 }
@@ -84,11 +83,6 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if utils.Cfg.TeamSettings.DisableTeamCreation {
- c.Err = model.NewAppError("createTeamFromSignup", "Team creation has been disabled. Please ask your systems administrator for details.", "")
- return
- }
-
 props := model.MapFromJson(strings.NewReader(teamSignup.Data))
 teamSignup.Team.Email = props["email"]
 teamSignup.User.Email = props["email"]
@@ -99,6 +93,11 @@ func createTeamFromSignup(c *Context, w http.ResponseWriter, r *http.Request) {
 c.Err = err
 return
 }
+
+ if !isTreamCreationAllowed(c, teamSignup.Team.Email) {
+ return
+ }
+
 teamSignup.Team.Id = ""
 password := teamSignup.User.Password
@@ -179,8 +178,7 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 return
 }
- if utils.Cfg.TeamSettings.DisableTeamCreation {
- c.Err = model.NewAppError("createTeam", "Team creation has been disabled. Please ask your systems administrator for details.", "")
+ if !isTreamCreationAllowed(c, team.Email) {
 return
 }
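Review bot: In the createTeam hunk the allow-list decision is made on `team.Email`, and nothing in the hunk shows that this address has been confirmed to belong to the requester; if it is taken straight from the request body, the domain restriction is only as strong as the caller's honesty. The signupTeam hunk passes `email` the same way, though a verification step outside the hunk may cover that path. I would state the assumption next to the call, e.g. `// team.Email is caller-supplied; the domain check is advisory unless the address has been verified`, or move the check behind a verified-address step. Both function bodies continue outside their hunks.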
@@ -211,6 +209,35 @@ func createTeam(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 }
+func isTreamCreationAllowed(c *Context, email string) bool {
+
+ email = strings.ToLower(email)
+
+ if utils.Cfg.TeamSettings.DisableTeamCreation {
+ c.Err = model.NewAppError("isTreamCreationAllowed", "Team creation has been disabled. Please ask your systems administrator for details.", "")
+ return false
+ }
+
+ // commas and @ signs are optional
+ // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org
+ domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1))))
+
+ matched := false
+ for _, d := range domains {
+ if strings.HasSuffix(email, "@"+d) {
+ matched = true
+ break
+ }
+ }
+
+ if len(utils.Cfg.TeamSettings.RestrictCreationToDomains) > 0 && !matched {
+ c.Err = model.NewAppError("isTreamCreationAllowed", "Email must be from a specific domain (e.g. @example.com). Please ask your systems administrator for details.", "")
+ return false
+ }
+
+ return true
+}
+
 func findTeamByName(c *Context, w http.ResponseWriter, r *http.Request) {
 m := model.MapFromJson(r.Body)
diff --git a/config/config.json b/config/config.json
index 768fd9356..572877d05 100644
--- a/config/config.json
+++ b/config/config.json
@@ -105,6 +105,7 @@
 "ReportProblemLink": "/static/help/configure_links.html",
 "TourLink": "/static/help/configure_links.html",
 "DefaultThemeColor": "#2389D7",
- "DisableTeamCreation": true
+ "DisableTeamCreation": false,
+ "RestrictCreationToDomains": "mattermost.com, @spinpunch.com"
 }
 }
diff --git a/docker/0.6/config_docker.json b/docker/0.6/config_docker.json
index 2193a6540..57ea1594c 100644
--- a/docker/0.6/config_docker.json
+++ b/docker/0.6/config_docker.json
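Review bot: The domain test in `isTreamCreationAllowed` is a bare suffix comparison, `strings.HasSuffix(email, "@"+d)`, so any string that ends in an allowed domain passes, including one that is not a single well-formed address; unless every caller validates the address first (not visible in this diff), I would reject such input before the loop, for example `if strings.Count(email, "@") != 1 { ... return false }`. The helper also sets `c.Err` as a side effect while returning a bool and has no doc comment; `// isTreamCreationAllowed reports whether email may create a team; on refusal it sets c.Err.` would make that contract explicit. The name looks like a typo for `isTeamCreationAllowed`, which is cheap to fix while the only callers are the three in this diff.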
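Review bot: The shipped default in config/config.json flips `"DisableTeamCreation"` from `true` to `false` and sets `"RestrictCreationToDomains"` to two concrete domains, `"mattermost.com, @spinpunch.com"`, so an installation that starts from this file unchanged permits team creation for addresses at domains its operator presumably does not control. These look like development values. I would keep the sample neutral, `"DisableTeamCreation": true,` with `"RestrictCreationToDomains": ""`, as the docker config in this same commit does.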
@@ -95,6 +95,7 @@
 "ReportProblemLink": "/static/help/configure_links.html",
 "TourLink": "/static/help/configure_links.html",
 "DefaultThemeColor": "#2389D7",
- "DisableTeamCreation": true
+ "DisableTeamCreation": true,
+ "RestrictCreationToDomains": ""
 }
 }
diff --git a/utils/config.go b/utils/config.go
index 9e5de93bf..36301264c 100644
--- a/utils/config.go
+++ b/utils/config.go
@@ -109,17 +109,18 @@ type PrivacySettings struct {
 }
 type TeamSettings struct {
- MaxUsersPerTeam int
- AllowPublicLink bool
- AllowValetDefault bool
- TermsLink string
- PrivacyLink string
- AboutLink string
- HelpLink string
- ReportProblemLink string
- TourLink string
- DefaultThemeColor string
- DisableTeamCreation bool
+ MaxUsersPerTeam int
+ AllowPublicLink bool
+ AllowValetDefault bool
+ TermsLink string
+ PrivacyLink string
+ AboutLink string
+ HelpLink string
+ ReportProblemLink string
+ TourLink string
+ DefaultThemeColor string
+ DisableTeamCreation bool
+ RestrictCreationToDomains string
 }
 type Config struct {
-- 
cgit v1.2.3-1-g7c22
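Review bot: `RestrictCreationToDomains` is added to `TeamSettings` in utils/config.go without any comment on its format or on what an empty value means; going by the check in api/team.go, an empty string switches the restriction off entirely, which is worth stating where maintainers will look. I would add `// RestrictCreationToDomains lists the email domains allowed to create teams, separated by commas or spaces, leading @ optional; empty means no restriction.` above the field. The remaining changed lines in this hunk appear to be realignment only.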