From 71dd21ef3d89f8967b81a6bbfa67b2c85d3ad3e0 Mon Sep 17 00:00:00 2001
From: Chris
Date: Fri, 3 Nov 2017 10:47:32 -0500
Subject: prevent users from changing email addresses to restricted domains (#7765)
---
 app/user.go | 11 +++++++++++
 app/user_test.go | 19 +++++++++++++++++++
 2 files changed, 30 insertions(+)
(limited to 'app')
diff --git a/app/user.go b/app/user.go
index 999fabbf8..60a6c887b 100644
--- a/app/user.go
+++ b/app/user.go
@@ -984,6 +984,17 @@ func (a *App) sendUpdatedUserEvent(user model.User, asAdmin bool) {
 }
 
 func (a *App) UpdateUser(user *model.User, sendNotifications bool) (*model.User, *model.AppError) {
+ if !CheckUserDomain(user, a.Config().TeamSettings.RestrictCreationToDomains) {
+ result := <-a.Srv.Store.User().Get(user.Id)
+ if result.Err != nil {
+ return nil, result.Err
+ }
+ prev := result.Data.(*model.User)
+ if !prev.IsLDAPUser() && !prev.IsSAMLUser() && user.Email != prev.Email {
+ return nil, model.NewAppError("UpdateUser", "api.user.create_user.accepted_domain.app_error", nil, "", http.StatusBadRequest)
+ }
+ }
+
 if result := <-a.Srv.Store.User().Update(user, false); result.Err != nil {
 return nil, result.Err
 } else {
diff --git a/app/user_test.go b/app/user_test.go
index d9f40a604..3a924dfa7 100644
--- a/app/user_test.go
+++ b/app/user_test.go
@@ -137,6 +137,25 @@ func TestCreateProfileImage(t *testing.T) {
 }
 }
 
+func TestUpdateUserToRestrictedDomain(t *testing.T) {
+ th := Setup()
+ defer th.TearDown()
+
+ user := th.CreateUser()
+ defer th.App.PermanentDeleteUser(user)
+
+ th.App.UpdateConfig(func(cfg *model.Config) {
+ cfg.TeamSettings.RestrictCreationToDomains = "foo.com"
+ })
+
+ _, err := th.App.UpdateUser(user, false)
+ assert.True(t, err == nil)
+
+ user.Email = "asdf@ghjk.l"
+ _, err = th.App.UpdateUser(user, false)
+ assert.False(t, err == nil)
+}
+
 func TestUpdateOAuthUserAttrs(t *testing.T) {
 th := Setup()
 defer th.TearDown()
--
cgit v1.2.3-1-g7c22
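Review bot: The new guard at the top of `UpdateUser` encodes two security decisions that no comment records: an unchanged out-of-domain address is still accepted, and the LDAP/SAML exemption is read from the stored record `prev`, not from the caller-supplied `user`. A comment above the `if` would keep a later refactor from moving the exemption onto `user`, for example `// Unchanged out-of-domain emails stay valid; the SSO exemption comes from the stored user so a client cannot claim it.` Separately, `user.Email != prev.Email` compares the raw input byte for byte, so if the store normalises case on write (not visible here) a user with an out-of-domain address who resubmits it in different case would be rejected; confirm that is intended. The body of `UpdateUser` continues past the end of the hunk.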
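Review bot: `TestUpdateUserToRestrictedDomain` asserts only that some error comes back, so it would still pass if `UpdateUser` rejected `asdf@ghjk.l` for an unrelated reason such as address validation. Pin the domain check with `if assert.NotNil(t, err) { assert.Equal(t, "api.user.create_user.accepted_domain.app_error", err.Id) }`. The test also leaves the other two branches of the guard uncovered: a change to an address on `foo.com` succeeding, and a stored LDAP or SAML user being exempt from the restriction.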