From 71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0 Mon Sep 17 00:00:00 2001
From: Chris <ccbrown112@gmail.com>
Date: Fri, 3 Nov 2017 10:47:32 -0500
Subject: prevent users from changing email addresses to restricted domains
 (#7765)

---
 app/user.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'app/user.go')

diff --git a/app/user.go b/app/user.go
index 999fabbf8..60a6c887b 100644
--- a/app/user.go
+++ b/app/user.go
@@ -984,6 +984,17 @@ func (a *App) sendUpdatedUserEvent(user model.User, asAdmin bool) {
 }
 
 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) {
+	if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) {
+		result := <-a.Srv.Store.User().Get(user.Id)
+		if result.Err != nil {
+			return nil, result.Err
+		}
+		prev := result.Data.(*model.User)
+		if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email {
+			return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest)
+		}
+	}
+
 	if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil {
 		return nil, result.Err
 	} else {
-- 
cgit v1.2.3-1-g7c22