diff --git a/common.js b/common.js
index 7db0da7c..307d2ce7 100644
--- a/common.js
+++ b/common.js
@@ -171,7 +171,28 @@ module.exports.validateEmail = function (email, minlen, maxlen) { if (module.exp
 module.exports.validateUsername = function (username, minlen, maxlen) { return (module.exports.validateString(username, minlen, maxlen) && (username.indexOf(' ') == -1) && (username.indexOf('"') == -1) && (username.indexOf(',') == -1)); };
 module.exports.isAlphaNumeric = function (str) { return (str.match(/^[A-Za-z0-9]+$/) != null); };
 module.exports.validateAlphaNumericArray = function (array, minlen, maxlen) { if (((array != null) && Array.isArray(array)) == false) return false; for (var i in array) { if ((typeof array[i] != 'string') || (module.exports.isAlphaNumeric(array[i]) == false) || ((minlen != null) && (array[i].length < minlen)) || ((maxlen != null) && (array[i].length > maxlen)) ) return false; } return true; };
+module.exports.getEmailDomain = function(email) {
+ if (!module.exports.validateEmail(email, 1, 1024)) {
+ return '';
+ }
+ const i = email.indexOf('@');
+ return email.substring(i + 1).toLowerCase();
+}
+module.exports.validateEmailDomain = function(email, allowedDomains) {
+ // Check if this request is for an allows email domain
+ if ((allowedDomains != null) && Array.isArray(allowedDomains)) {
+ const emaildomain = module.exports.getEmailDomain(email);
+ if (emaildomain === '') {
+ return false;
+ }
+ var emailok = false;
+ for (var i in allowedDomains) { if (emaildomain == allowedDomains[i].toLowerCase()) { emailok = true; } }
+ return emailok;
+ }
+
+ return true;
+}
 // Check password requirements
 module.exports.checkPasswordRequirements = function(password, requirements) { if ((requirements == null) || (requirements == '') || (typeof requirements != 'object')) return true;
diff --git a/meshuser.js b/meshuser.js
index 842dd255..c1c95cbe 100644
--- a/meshuser.js
+++ b/meshuser.js
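Review bot: `validateEmailDomain` calls `allowedDomains[i].toLowerCase()` on every allow-list entry without checking that it is a string, so a malformed config entry (a number, null or a nested object) throws a TypeError out of the validator instead of rejecting the email; the caller in meshuser.js runs this inside a `try` whose `catch` is outside the hunk, so the resulting behaviour depends on that handler. The loop is also a `for...in` over an array that keeps iterating after a match; `Array.prototype.some` with a `typeof` guard expresses the same exact, case-insensitive comparison and fails closed on bad entries, as in the rewrite below. Both new function expressions lack the terminating `;` after `}` that the neighbouring definitions use, and the comment reads "an allows email domain" where "an allowed email domain" is meant. `getEmailDomain` splits at the first `@`; if `validateEmail` (only its first characters are visible in the hunk header) accepts a quoted local part containing `@`, the returned value would include part of the local part — exact matching still rejects it, but `email.lastIndexOf('@')` is the more accurate split.
```javascript
module.exports.validateEmailDomain = function (email, allowedDomains) {
    // Check if this request is for an allowed email domain. No allow-list
    // (or a non-array value) means every valid email domain is accepted.
    if ((allowedDomains == null) || !Array.isArray(allowedDomains)) { return true; }
    const emaildomain = module.exports.getEmailDomain(email);
    if (emaildomain === '') { return false; }
    // Exact, case-insensitive match only ("sub.example.com" does not match
    // "example.com"); a non-string entry simply never matches instead of
    // throwing a TypeError out of the validator.
    return allowedDomains.some((d) => (typeof d === 'string') && (d.toLowerCase() === emaildomain));
};
```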
@@ -5186,7 +5186,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 if (command.randomPassword === true) { command.pass = getRandomPassword(); }
 // Add a new user account
- var err = null, errid = 0, newusername, newuserid, newuserdomain;
+ var err = null, errid = 0, args = null, newusername, newuserid, newuserdomain;
 try {
 if ((user.siteadmin & MESHRIGHT_MANAGEUSERS) == 0) { err = "Permission denied"; errid = 1; }
 else if (common.validateUsername(command.username, 1, 256) == false) { err = "Invalid username"; errid = 2; } // Username is between 1 and 64 characters, no spaces
@@ -5195,6 +5195,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 else if ((command.randomPassword !== true) && (common.checkPasswordRequirements(command.pass, domain.passwordrequirements) == false)) { err = "Invalid password"; errid = 3; } // Password does not meet requirements
 else if ((command.email != null) && (common.validateEmail(command.email, 1, 1024) == false)) { err = "Invalid email"; errid = 4; } // Check if this is a valid email address
 else if ((obj.crossDomain === true) && (command.domain != null) && ((typeof command.domain != 'string') || (parent.parent.config.domains[command.domain] == null))) { err = "Invalid domain"; errid = 5; } // Check if this is a valid domain
+ else if ((domain.newaccountemaildomains != null) && Array.isArray(domain.newaccountemaildomains) && !common.validateEmailDomain(command.email, domain.newaccountemaildomains)) { err = "Email domain is not allowed. Only (" + domain.newaccountemaildomains.join(', ') + ") are allowed."; errid=30; args = [common.getEmailDomain(command.email), domain.newaccountemaildomains.join(', ')]; }
 else { newuserdomain = domain; if ((obj.crossDomain === true) && (command.domain != null)) { newuserdomain = parent.parent.config.domains[command.domain]; }
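Review bot: The changed declaration `var args = null` reuses the name of the `args` parameter of the enclosing `CreateMeshUser` shown in the hunk header; if this statement is in the same function scope, `var` hoisting makes it the same binding and the assignment overwrites the parameter for the rest of the function, and if it is inside a nested closure it shadows it — either way a reader cannot tell which `args` later code refers to. Renaming the local avoids both cases: `var err = null, errid = 0, errargs = null, newusername, newuserid, newuserdomain;`, with `errargs` assigned in the domain branch and passed at the `displayNotificationMessage` call in the -5215 hunk. The enclosing function starts and ends outside the hunk.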
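Review bot: The new `newaccountemaildomains` branch also runs when `command.email` is null, because the preceding "Invalid email" branch only validates an email that is present; with an allow-list configured, a request without an email is therefore rejected with "Email domain is not allowed" and an empty `{0}` instead of a message saying an email is required. If requiring an email in that configuration is intended, a dedicated check ahead of this branch (for example `else if ((domain.newaccountemaildomains != null) && Array.isArray(domain.newaccountemaildomains) && (command.email == null)) { err = "An email address is required"; errid = ...; }` with its own msgid in the client string tables) gives the operator an accurate message; if it is not, adding `(command.email != null) &&` to the condition restores the previous behaviour for email-less accounts. `errid=30` departs from the `errid = 5` spacing used on the neighbouring lines, and `domain.newaccountemaildomains.join(', ')` is computed twice in the same branch. The `if`/`else if` chain continues outside the hunk.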
@@ -5215,7 +5216,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
 obj.send({ action: 'adduser', responseid: command.responseid, result: err, msgid: errid });
 } else {
 // Send error back, user not found.
- displayNotificationMessage(err, "New Account", 'ServerNotify', 1, errid);
+ displayNotificationMessage(err, "New Account", 'ServerNotify', 1, errid, args);
 }
 return;
 }
diff --git a/views/default-mobile.handlebars b/views/default-mobile.handlebars
index 333055e2..c07802e0 100644
--- a/views/default-mobile.handlebars
+++ b/views/default-mobile.handlebars
@@ -6437,7 +6437,8 @@
 "No phone number for this user",
 "SMS succesfuly sent.",
 "SMS error",
- "SMS error: {0}"
+ "SMS error: {0}",
+ "Email domain \"{0}\" is not allowed. Only ({1}) are allowed" // 30
 ];
 if (typeof n.titleid == 'number') { try { n.title = translatedTitles[n.titleid]; } catch (ex) { } }
 if (typeof n.msgid == 'number') { try { n.text = translatedMessages[n.msgid]; if (Array.isArray(n.args)) { n.text = format(n.text, n.args[0], n.args[1], n.args[2], n.args[3], n.args[4], n.args[5]); } } catch (ex) { } }
diff --git a/views/default.handlebars b/views/default.handlebars
index 71b3ac22..21b08179 100644
--- a/views/default.handlebars
+++ b/views/default.handlebars
@@ -16077,7 +16077,8 @@
 "No phone number for this user",
 "SMS succesfuly sent.",
 "SMS error",
- "SMS error: {0}"
+ "SMS error: {0}",
+ "Email domain \"{0}\" is not allowed. Only ({1}) are allowed" // 30
 ];
 if (typeof n.titleid == 'number') { try { n.title = translatedTitles[n.titleid]; } catch (ex) {} }
 if (typeof n.msgid == 'number') { try { n.text = translatedMessages[n.msgid]; if (Array.isArray(n.args)) { n.text = format(n.text, n.args[0], n.args[1], n.args[2], n.args[3], n.args[4], n.args[5]); } } catch (ex) { } }