From 3c563e300126cd43a7396b15ab3fe40364921fe8 Mon Sep 17 00:00:00 2001
From: Tom Moor
Date: Sat, 17 Nov 2018 23:30:05 -0800
Subject: [PATCH] Ensure team authentication matches subdomain
---
 app/components/Auth.js | 15 ++++++++++++++-
 server/routes.js | 2 +-
 webpack.config.js | 2 +-
 webpack.config.prod.js | 2 +-
 4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/app/components/Auth.js b/app/components/Auth.js
index 2a6b33ac1..268dae30e 100644
--- a/app/components/Auth.js
+++ b/app/components/Auth.js
@@ -19,15 +19,28 @@ let authenticatedStores;
 const Auth = observer(({ auth, children }: Props) => {
 if (auth.authenticated) {
 const { user, team } = auth;
+ const { hostname } = window.location;
 if (!team || !user) {
 return ;
 }
+ // If we're authenticated but viewing a subdomain that doesn't match the
+ // authenticated team then kick the user to the teams subdomain.
+ // www is a special case, as always
+ if (
+ process.env.SUBDOMAINS_ENABLED &&
+ team.subdomain &&
+ !hostname.startsWith(`${team.subdomain}.`) &&
+ !hostname.startsWith('www.')
+ ) {
+ window.location.href = `${team.url}${window.location.pathname}`;
+ return ;
+ }
+
 // Only initialize stores once. Kept in global scope because otherwise they
 // will get overridden on route change
 if (!authenticatedStores) {
- // Stores for authenticated user
 authenticatedStores = {
 integrations: new IntegrationsStore({
 ui: stores.ui,
diff --git a/server/routes.js b/server/routes.js
index 691399cb8..926f55417 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -86,7 +86,7 @@ router.get('/', async ctx => {
 const team = await Team.find({
 where: { subdomain },
 });
- if (team && process.env.SUBDOMAINS_ENABLED) {
+ if (team && process.env.SUBDOMAINS_ENABLED === 'true') {
 return renderpage(
 ctx,
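Review bot: The new guard in `Auth` tests `process.env.SUBDOMAINS_ENABLED` for truthiness, while the server-side check in this same patch is tightened to `=== 'true'`; if the bundler injects the raw string, a value of `'false'` would still enable the redirect here. Whether the webpack changes listed in the diffstat turn the value into a boolean is not visible in this view, so either confirm that or compare explicitly with `process.env.SUBDOMAINS_ENABLED === 'true' &&`. The redirect target keeps only `window.location.pathname`, so the query string and fragment of a deep link are dropped; appending `window.location.search` and `window.location.hash` would preserve them. Because this check runs in the browser it is a navigation aid rather than enforcement, so the API should still reject a session whose team does not match the requested subdomain, and a comment above the `if` saying so (`// UX redirect only; the server must enforce the team/subdomain match`) would keep later readers from relying on it. The body of `Auth` continues past the end of the hunk.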