From d9914c55fb4d7d9c9549ea515b6f9fbf34719a76 Mon Sep 17 00:00:00 2001 From: George Secrieru Date: Tue, 20 Oct 2015 19:01:17 -0200 Subject: [PATCH 1/3] Added domain white list for accounts registration. --- i18n/en.i18n.json | 1 + i18n/pt.i18n.json | 1 + .../rocketchat-lib/settings/server/startup.coffee | 1 + server/lib/accounts.coffee | 15 ++++++++++++++- 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/i18n/en.i18n.json b/i18n/en.i18n.json index 01d2fa52b404..990823fb6286 100644 --- a/i18n/en.i18n.json +++ b/i18n/en.i18n.json @@ -2,6 +2,7 @@ "Access_online_demo" : "Access the online demo", "Access_Online_Demo" : "Access the Online Demo", "Accounts" : "Accounts", + "Accounts_AllowedDomainsList" : "Lista de domínios permitidos (separados por vírgula)", "Accounts_denyUnverifiedEmail" : "Deny unverified e-mail", "Accounts_EmailVerification" : "E-mail Verification", "Accounts_OAuth_Facebook" : "Facebook Login", diff --git a/i18n/pt.i18n.json b/i18n/pt.i18n.json index e467246e1605..32c44d5693b8 100644 --- a/i18n/pt.i18n.json +++ b/i18n/pt.i18n.json @@ -2,6 +2,7 @@ "Access_online_demo" : "Acesse o demo online", "Access_Online_Demo" : "Acesse o Demo Online", "Accounts" : "Contas", + "Accounts_AllowedDomainsList" : "Lista de domínios permitidos (separados por vírgula)", "Accounts_denyUnverifiedEmail" : "Proibir e-mail não verificado", "Accounts_EmailVerification" : "Verificação de E-mail", "Accounts_OAuth_Facebook" : "Login do Facebook", diff --git a/packages/rocketchat-lib/settings/server/startup.coffee b/packages/rocketchat-lib/settings/server/startup.coffee index e6c3fa4df826..61a2a5be2c26 100644 --- a/packages/rocketchat-lib/settings/server/startup.coffee +++ b/packages/rocketchat-lib/settings/server/startup.coffee @@ -6,6 +6,7 @@ RocketChat.settings.addGroup 'Accounts' RocketChat.settings.add 'Accounts_RegistrationRequired', true, { type: 'boolean', group: 'Accounts', public: true, section: 'Registration' } RocketChat.settings.add 'Accounts_EmailVerification', false, { type: 'boolean', group: 'Accounts', public: true, section: 'Registration' } RocketChat.settings.add 'Accounts_ManuallyApproveNewUsers', false, { type: 'boolean', group: 'Accounts', section: 'Registration' } +RocketChat.settings.add 'Accounts_AllowedDomainsList', '', { type: 'string', group: 'Accounts', public: true, section: 'Registration' } RocketChat.settings.add 'Accounts_AvatarStoreType', 'GridFS', { type: 'string', group: 'Accounts', section: 'Avatar' } RocketChat.settings.add 'Accounts_AvatarStorePath', '/var/www/rocket.chat/uploads/avatar/', { type: 'string', group: 'Accounts', section: 'Avatar' } diff --git a/server/lib/accounts.coffee b/server/lib/accounts.coffee index b79020457074..52df5010c23e 100644 --- a/server/lib/accounts.coffee +++ b/server/lib/accounts.coffee @@ -1,5 +1,18 @@ # Deny Account.createUser in client -Accounts.config { forbidClientAccountCreation: true } +accountsConfig = { forbidClientAccountCreation: true } + +domainWhiteList = _.map RocketChat.settings.get('Account_AllowedDomainsList').split(','), (domain) -> domain.trim() +if domainWhiteList + accountsConfig.restrictCreationByEmailDomain = (email) -> + ret = false + for domain in domainWhiteList + if email.match(domain + '$') + ret = true + break; + + return ret + +Accounts.config accountsConfig Accounts.emailTemplates.siteName = RocketChat.settings.get 'Site_Name'; Accounts.emailTemplates.from = "#{RocketChat.settings.get 'Site_Name'} <#{RocketChat.settings.get 'From_Email'}>"; From a0257bfdfc991d8164905ee6606db7d9d8b890fb Mon Sep 17 00:00:00 2001 From: George Secrieru Date: Tue, 20 Oct 2015 19:02:26 -0200 Subject: [PATCH 2/3] Fix translation copy-and-paste --- i18n/en.i18n.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/i18n/en.i18n.json b/i18n/en.i18n.json index 990823fb6286..87b20caad96f 100644 --- a/i18n/en.i18n.json +++ b/i18n/en.i18n.json @@ -2,7 +2,7 @@ "Access_online_demo" : "Access the online demo", "Access_Online_Demo" : "Access the Online Demo", "Accounts" : "Accounts", - "Accounts_AllowedDomainsList" : "Lista de domínios permitidos (separados por vírgula)", + "Accounts_AllowedDomainsList" : "Comma-separated list of allowed domains", "Accounts_denyUnverifiedEmail" : "Deny unverified e-mail", "Accounts_EmailVerification" : "E-mail Verification", "Accounts_OAuth_Facebook" : "Facebook Login", From b74dd61134bb8b617c89e15b073cee9814add31c Mon Sep 17 00:00:00 2001 From: George Secrieru Date: Wed, 21 Oct 2015 19:26:21 -0200 Subject: [PATCH 3/3] Prevents breaking registration when field is empty (''.split(',') == ['']) --- server/lib/accounts.coffee | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/lib/accounts.coffee b/server/lib/accounts.coffee index 52df5010c23e..230477775300 100644 --- a/server/lib/accounts.coffee +++ b/server/lib/accounts.coffee @@ -1,8 +1,8 @@ # Deny Account.createUser in client accountsConfig = { forbidClientAccountCreation: true } -domainWhiteList = _.map RocketChat.settings.get('Account_AllowedDomainsList').split(','), (domain) -> domain.trim() -if domainWhiteList +if RocketChat.settings.get('Account_AllowedDomainsList') + domainWhiteList = _.map RocketChat.settings.get('Account_AllowedDomainsList').split(','), (domain) -> domain.trim() accountsConfig.restrictCreationByEmailDomain = (email) -> ret = false for domain in domainWhiteList