From a3149335571d47af810aff3665665f0eb5c9f168 Mon Sep 17 00:00:00 2001 From: Jeremy Lin Date: Sun, 24 May 2020 14:00:26 -0700 Subject: [PATCH] Allow email changes for existing accounts even when signups are disabled --- src/api/core/accounts.rs | 4 ++-- src/api/core/organizations.rs | 2 +- src/config.rs | 11 ++++++----- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/api/core/accounts.rs b/src/api/core/accounts.rs index 1c487da3..31bcdeda 100644 --- a/src/api/core/accounts.rs +++ b/src/api/core/accounts.rs @@ -379,8 +379,8 @@ fn post_email_token(data: JsonUpcase, headers: Headers, conn: Db err!("Email already in use"); } - if !CONFIG.is_signup_allowed(&data.NewEmail) { - err!("Email cannot be changed to this address"); + if !CONFIG.is_email_domain_allowed(&data.NewEmail) { + err!("Email domain not allowed"); } let token = crypto::generate_token(6)?; diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index 06988462..af43b588 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -488,7 +488,7 @@ fn send_invite(org_id: String, data: JsonUpcase, headers: AdminHeade err!(format!("User does not exist: {}", email)) } - if !CONFIG.signups_domains_whitelist().is_empty() && !CONFIG.is_email_domain_whitelisted(&email) { + if !CONFIG.is_email_domain_allowed(&email) { err!("Email domain not eligible for invitations") } diff --git a/src/config.rs b/src/config.rs index 7c918ecd..9434c39a 100644 --- a/src/config.rs +++ b/src/config.rs @@ -558,9 +558,10 @@ impl Config { self.update_config(builder) } - /// Tests whether an email's domain is in signups_domains_whitelist. - /// Returns false if no whitelist is set. - pub fn is_email_domain_whitelisted(&self, email: &str) -> bool { + /// Tests whether an email's domain is allowed. A domain is allowed if it + /// is in signups_domains_whitelist, or if no whitelist is set (so there + /// are no domain restrictions in effect). + pub fn is_email_domain_allowed(&self, email: &str) -> bool { let e: Vec<&str> = email.rsplitn(2, '@').collect(); if e.len() != 2 || e[0].is_empty() || e[1].is_empty() { warn!("Failed to parse email address '{}'", email); @@ -569,7 +570,7 @@ impl Config { let email_domain = e[0].to_lowercase(); let whitelist = self.signups_domains_whitelist(); - !whitelist.is_empty() && whitelist.split(',').any(|d| d.trim() == email_domain) + whitelist.is_empty() || whitelist.split(',').any(|d| d.trim() == email_domain) } /// Tests whether signup is allowed for an email address, taking into @@ -577,7 +578,7 @@ impl Config { pub fn is_signup_allowed(&self, email: &str) -> bool { if !self.signups_domains_whitelist().is_empty() { // The whitelist setting overrides the signups_allowed setting. - self.is_email_domain_whitelisted(email) + self.is_email_domain_allowed(email) } else { self.signups_allowed() }