Validate user email domain when adding a new user

common.js

@@ -171,7 +171,28 @@ module.exports.validateEmail = function (email, minlen, maxlen) { if (module.exp
 module.exports.validateUsername = function (username, minlen, maxlen) { return (module.exports.validateString(username, minlen, maxlen) && (username.indexOf(' ') == -1) && (username.indexOf('"') == -1) && (username.indexOf(',') == -1)); };
 module.exports.isAlphaNumeric = function (str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
 module.exports.validateAlphaNumericArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ((typeof array[i] != 'string') || (module.exports.isAlphaNumeric(array[i]) == false) || ((minlen != null) && (array[i].length < minlen)) || ((maxlen != null) && (array[i].length > maxlen)) ) return false; } return true; };
+module.exports.getEmailDomain = function(email) {
+    if (!module.exports.validateEmail(email, 1, 1024)) {
+        return '';
+    }
+    const i = email.indexOf('@');
+    return email.substring(i + 1).toLowerCase();
+}
 
+module.exports.validateEmailDomain = function(email, allowedDomains) {
+    // Check if this request is for an allows email domain
+    if ((allowedDomains != null) && Array.isArray(allowedDomains)) {
+        const emaildomain = module.exports.getEmailDomain(email);
+        if (emaildomain === '') {
+            return false;
+        }
+        var emailok = false;
+        for (var i in allowedDomains) { if (emaildomain == allowedDomains[i].toLowerCase()) { emailok = true; } }
+        return emailok;
+    }
+
+    return true;
+}
 // Check password requirements
 module.exports.checkPasswordRequirements = function(password, requirements) {
     if ((requirements == null) || (requirements == '') || (typeof requirements != 'object')) return true;

meshuser.js

@@ -5186,7 +5186,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
         if (command.randomPassword === true) { command.pass = getRandomPassword(); }
 
         // Add a new user account
-        var err = null, errid = 0, newusername, newuserid, newuserdomain;
+        var err = null, errid = 0, args = null, newusername, newuserid, newuserdomain;
         try {
             if ((user.siteadmin & MESHRIGHT_MANAGEUSERS) == 0) { err = "Permission denied"; errid = 1; }
             else if (common.validateUsername(command.username, 1, 256) == false) { err = "Invalid username"; errid = 2; } // Username is between 1 and 64 characters, no spaces
@@ -5195,6 +5195,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
             else if ((command.randomPassword !== true) && (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false)) { err = "Invalid password"; errid = 3; } // Password does not meet requirements
             else if ((command.email != null) && (common.validateEmail(command.email, 1, 1024) == false)) { err = "Invalid email"; errid = 4; } // Check if this is a valid email address
             else if ((obj.crossDomain === true) && (command.domain != null) && ((typeof command.domain != 'string') || (parent.parent.config.domains[command.domain] == null))) { err = "Invalid domain"; errid = 5; } // Check if this is a valid domain
+            else if ((domain.newaccountemaildomains != null) && Array.isArray(domain.newaccountemaildomains) && !common.validateEmailDomain(command.email, domain.newaccountemaildomains)) { err = "Email domain is not allowed. Only (" + domain.newaccountemaildomains.join(', ') + ") are allowed."; errid=30; args = [common.getEmailDomain(command.email), domain.newaccountemaildomains.join(', ')]; }
             else {
                 newuserdomain = domain;
                 if ((obj.crossDomain === true) && (command.domain != null)) { newuserdomain = parent.parent.config.domains[command.domain]; }
@@ -5215,7 +5216,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                 obj.send({ action: 'adduser', responseid: command.responseid, result: err, msgid: errid });
             } else {
                 // Send error back, user not found.
-                displayNotificationMessage(err, "New Account", 'ServerNotify', 1, errid);
+                displayNotificationMessage(err, "New Account", 'ServerNotify', 1, errid, args);
             }
             return;
         }

views/default-mobile.handlebars

@@ -6437,7 +6437,8 @@
                 "No phone number for this user",
                 "SMS succesfuly sent.",
                 "SMS error",
-                "SMS error: {0}"
+                "SMS error: {0}",
+                "Email domain \"{0}\" is not allowed. Only ({1}) are allowed" // 30
             ];
             if (typeof n.titleid == 'number') { try { n.title = translatedTitles[n.titleid]; } catch (ex) { } }
             if (typeof n.msgid == 'number') { try { n.text = translatedMessages[n.msgid]; if (Array.isArray(n.args)) { n.text = format(n.text, n.args[0], n.args[1], n.args[2], n.args[3], n.args[4], n.args[5]); } } catch (ex) { } }

views/default.handlebars

@@ -16063,7 +16063,8 @@
                 "No phone number for this user",
                 "SMS succesfuly sent.",
                 "SMS error",
-                "SMS error: {0}"
+                "SMS error: {0}",
+                "Email domain \"{0}\" is not allowed. Only ({1}) are allowed" // 30
             ];
             if (typeof n.titleid == 'number') { try { n.title = translatedTitles[n.titleid]; } catch (ex) {} }
             if (typeof n.msgid == 'number') { try { n.text = translatedMessages[n.msgid]; if (Array.isArray(n.args)) { n.text = format(n.text, n.args[0], n.args[1], n.args[2], n.args[3], n.args[4], n.args[5]); } } catch (ex) { } }