diff options
-rw-r--r-- | api4/team_test.go | 16 | ||||
-rw-r--r-- | app/team.go | 33 | ||||
-rw-r--r-- | i18n/en.json | 4 | ||||
-rw-r--r-- | webapp/components/invite_member_modal.jsx | 3 |
4 files changed, 48 insertions, 8 deletions
diff --git a/api4/team_test.go b/api4/team_test.go index e62790173..665db95f5 100644 --- a/api4/team_test.go +++ b/api4/team_test.go @@ -1449,6 +1449,22 @@ func TestInviteUsersToTeam(t *testing.T) { } } } + + restrictCreationToDomains := utils.Cfg.TeamSettings.RestrictCreationToDomains + defer func() { + utils.Cfg.TeamSettings.RestrictCreationToDomains = restrictCreationToDomains + }() + utils.Cfg.TeamSettings.RestrictCreationToDomains = "@example.com" + + err := app.InviteNewUsersToTeam(emailList, th.BasicTeam.Id, th.BasicUser.Id) + + if err == nil { + t.Fatal("Adding users with non-restricted domains was allowed") + } + if err.Where != "InviteNewUsersToTeam" || err.Message != "api.team.invite_members.invalid_email.app_error" { + t.Log(err) + t.Fatal("Got wrong error message!") + } } func TestGetTeamInviteInfo(t *testing.T) { diff --git a/app/team.go b/app/team.go index 94523f8b5..be15b8a39 100644 --- a/app/team.go +++ b/app/team.go @@ -55,13 +55,8 @@ func CreateTeamWithUser(team *model.Team, userId string) (*model.Team, *model.Ap return rteam, nil } -func isTeamEmailAllowed(user *model.User) bool { - email := strings.ToLower(user.Email) - - if len(user.AuthService) > 0 && len(*user.AuthData) > 0 { - return true - } - +func isTeamEmailAddressAllowed(email string) bool { + email = strings.ToLower(email) // commas and @ signs are optional // can be in the form of "@corp.mattermost.com, mattermost.com mattermost.org" -> corp.mattermost.com mattermost.com mattermost.org domains := strings.Fields(strings.TrimSpace(strings.ToLower(strings.Replace(strings.Replace(utils.Cfg.TeamSettings.RestrictCreationToDomains, "@", " ", -1), ",", " ", -1)))) @@ -81,6 +76,16 @@ func isTeamEmailAllowed(user *model.User) bool { return true } +func isTeamEmailAllowed(user *model.User) bool { + email := strings.ToLower(user.Email) + + if len(user.AuthService) > 0 && len(*user.AuthData) > 0 { + return true + } + + return isTeamEmailAddressAllowed(email) +} + func UpdateTeam(team *model.Team) (*model.Team, *model.AppError) { var oldTeam *model.Team var err *model.AppError @@ -621,6 +626,20 @@ func InviteNewUsersToTeam(emailList []string, teamId, senderId string) *model.Ap return err } + var invalidEmailList []string + + for _, email := range emailList { + if ! isTeamEmailAddressAllowed(email) { + invalidEmailList = append(invalidEmailList, email) + } + } + + if len(invalidEmailList) > 0 { + s := strings.Join(invalidEmailList, ", ") + err := model.NewAppError("InviteNewUsersToTeam", "api.team.invite_members.invalid_email.app_error", map[string]interface{}{"Addresses": s}, "", http.StatusBadRequest) + return err + } + tchan := Srv.Store.Team().Get(teamId) uchan := Srv.Store.User().Get(senderId) diff --git a/i18n/en.json b/i18n/en.json index a2d1637a3..6371522a4 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -2132,6 +2132,10 @@ "translation": "Failed to send invite email successfully err=%v" }, { + "id": "api.team.invite_members.invalid_email.app_error", + "translation": "The following email addresses do not belong to an accepted domain: {{.Addresses}}. Please contact your System Administrator for details." + }, + { "id": "api.team.invite_members.sending.info", "translation": "sending invitation to %v %v" }, diff --git a/webapp/components/invite_member_modal.jsx b/webapp/components/invite_member_modal.jsx index 1e500115d..07aa9a1a3 100644 --- a/webapp/components/invite_member_modal.jsx +++ b/webapp/components/invite_member_modal.jsx @@ -97,7 +97,8 @@ class InviteMemberModal extends React.Component { handleToggle(value) { this.setState({ - show: value + show: value, + serverError: null }); } |