From ce38c71fa7ec1fc2f77883570641b6c33411d351 Mon Sep 17 00:00:00 2001
From: "a.bouhuolia"
Date: Mon, 8 May 2023 00:35:28 +0200
Subject: [PATCH] fix(server): should allowed email addresses and domain be irrespective.
---
 .../src/api/controllers/Authentication.ts | 18 ++--------
 .../src/services/Authentication/AuthSignup.ts | 34 ++++++++-----------
 .../src/services/Authentication/_constants.ts | 4 +--
 3 files changed, 18 insertions(+), 38 deletions(-)
diff --git a/packages/server/src/api/controllers/Authentication.ts b/packages/server/src/api/controllers/Authentication.ts
index a8bb1b4d5..e4d356c04 100644
--- a/packages/server/src/api/controllers/Authentication.ts
+++ b/packages/server/src/api/controllers/Authentication.ts
@@ -277,30 +277,18 @@ export default class AuthenticationController extends BaseController {
 ],
 });
 }
- if (error.errorType === 'SIGNUP_NOT_ALLOWED_EMAIL_DOMAIN') {
+ if (error.errorType === 'SIGNUP_RESTRICTED_NOT_ALLOWED') {
 return res.status(400).send({
 errors: [
 {
- type: 'SIGNUP_NOT_ALLOWED_EMAIL_DOMAIN',
+ type: 'SIGNUP_RESTRICTED_NOT_ALLOWED',
 message:
- 'Sign-up is restricted the given email domain is not allowed to sign-up.',
+ 'Sign-up is restricted the given email address is not allowed to sign-up.',
 code: 710,
 },
 ],
 });
 }
- if (error.errorType === 'SIGNUP_NOT_ALLOWED_EMAIL_ADDRESS') {
- return res.status(400).send({
- errors: [
- {
- type: 'SIGNUP_NOT_ALLOWED_EMAIL_ADDRESS',
- message:
- 'The sign-up restricted the given email address is not allowed to sign-up.',
- code: 720,
- },
- ],
- });
- }
 }
 next(error);
 }
diff --git a/packages/server/src/services/Authentication/AuthSignup.ts b/packages/server/src/services/Authentication/AuthSignup.ts
index 0adbdb9fe..b064a3d91 100644
--- a/packages/server/src/services/Authentication/AuthSignup.ts
+++ b/packages/server/src/services/Authentication/AuthSignup.ts
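Review bot: The replacement message in the `SIGNUP_RESTRICTED_NOT_ALLOWED` branch of packages/server/src/api/controllers/Authentication.ts is a run-on and names only the email address, while the service raises this error when neither the address nor its domain is on an allow-list; `'Sign-up is restricted; the given email address or domain is not allowed to sign up.'` would read correctly. The response types `SIGNUP_NOT_ALLOWED_EMAIL_DOMAIN` and `SIGNUP_NOT_ALLOWED_EMAIL_ADDRESS` (and code 720) disappear from the API, and the diffstat lists only server files, so any client that matches on them should be checked. The error handler starts outside the hunk.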
@@ -87,30 +87,24 @@ export class AuthSignupService {
 // Can't continue if the signup is not disabled.
 if (!config.signupRestrictions.disabled) return;
- // Validate the allowed domains.
- if (!isEmpty(config.signupRestrictions.allowedDomains)) {
+ // Validate the allowed email addresses and domains.
+ if (
+ !isEmpty(config.signupRestrictions.allowedEmails) ||
+ !isEmpty(config.signupRestrictions.allowedDomains)
+ ) {
 const emailDomain = email.split('@').pop();
- const isAllowed = config.signupRestrictions.allowedDomains.some(
- (domain) => emailDomain === domain
- );
- if (!isAllowed) {
- throw new ServiceError(ERRORS.SIGNUP_NOT_ALLOWED_EMAIL_DOMAIN);
- }
- }
- // Validate the allowed email addresses.
- if (!isEmpty(config.signupRestrictions.allowedEmails)) {
- const isAllowed =
+ const isAllowedEmail =
 config.signupRestrictions.allowedEmails.indexOf(email) !== -1;
- if (!isAllowed) {
- throw new ServiceError(ERRORS.SIGNUP_NOT_ALLOWED_EMAIL_ADDRESS);
+ const isAllowedDomain = config.signupRestrictions.allowedDomains.some(
+ (domain) => emailDomain === domain
+ );
+
+ if (!isAllowedEmail && !isAllowedDomain) {
+ throw new ServiceError(ERRORS.SIGNUP_RESTRICTED_NOT_ALLOWED);
 }
- }
- // Throw error if the signup is disabled with no exceptions.
- if (
- isEmpty(config.signupRestrictions.allowedDomains) &&
- isEmpty(config.signupRestrictions.allowedEmails)
- ) {
+ // Throw error if the signup is disabled with no exceptions.
+ } else {
 throw new ServiceError(ERRORS.SIGNUP_RESTRICTED);
 }
 }
diff --git a/packages/server/src/services/Authentication/_constants.ts b/packages/server/src/services/Authentication/_constants.ts
index fc2718d4b..8c62dbe6c 100644
--- a/packages/server/src/services/Authentication/_constants.ts
+++ b/packages/server/src/services/Authentication/_constants.ts
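Review bot: In packages/server/src/services/Authentication/AuthSignup.ts the merged branch reads both lists whenever either one is non-empty, so `allowedEmails.indexOf(email)` or `allowedDomains.some(...)` throws a TypeError if the other list is unset rather than an empty array; before this change each list was only touched inside its own `isEmpty` guard. Whether the config always supplies arrays is not visible here, so a default such as `const { allowedEmails = [], allowedDomains = [] } = config.signupRestrictions;` would keep the rejection a ServiceError instead of an unhandled exception. Both comparisons are exact, case-sensitive matches on the raw `email`, so `User@Example.com` is refused against an `example.com` entry unless the address is normalised earlier; that fails closed but deserves a comment. The domain branch admits any address that merely claims an allowed domain, so the restriction only holds if the address is verified before the account becomes usable, which this hunk does not show. The method body starts and ends outside the hunk.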
@@ -7,8 +7,6 @@ export const ERRORS = {
 TOKEN_EXPIRED: 'TOKEN_EXPIRED',
 PHONE_NUMBER_EXISTS: 'PHONE_NUMBER_EXISTS',
 EMAIL_EXISTS: 'EMAIL_EXISTS',
-
- SIGNUP_NOT_ALLOWED_EMAIL_ADDRESS: 'SIGNUP_NOT_ALLOWED_EMAIL_ADDRESS',
- SIGNUP_NOT_ALLOWED_EMAIL_DOMAIN: 'SIGNUP_NOT_ALLOWED_EMAIL_DOMAIN',
+ SIGNUP_RESTRICTED_NOT_ALLOWED: 'SIGNUP_RESTRICTED_NOT_ALLOWED',
 SIGNUP_RESTRICTED: 'SIGNUP_RESTRICTED',
 };