feat: Migrate allowedDomains to a Team Level Settings (#3489)

Fixes #3412 Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances. This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name This settings is updated on the Security Tab. Here domains can be added or removed from the Team. On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
2022-05-17 20:26:29 -04:00
parent 18e0d936ef
commit 51001cfac1
27 changed files with 622 additions and 78 deletions
--- a/server/commands/userCreator.ts
+++ b/server/commands/userCreator.ts
@@ -1,5 +1,5 @@
 import { Op } from "sequelize";
-import { InviteRequiredError } from "@server/errors";
+import { DomainNotAllowedError, InviteRequiredError } from "@server/errors";
 import { Event, Team, User, UserAuthentication } from "@server/models";

 type UserCreatorResult = {
@@ -145,7 +145,7 @@ export default async function userCreator({

  try {
    const team = await Team.findByPk(teamId, {
-      attributes: ["defaultUserRole", "inviteRequired"],
+      attributes: ["defaultUserRole", "inviteRequired", "id"],
      transaction,
    });

@@ -155,6 +155,13 @@ export default async function userCreator({
      throw InviteRequiredError();
    }

+    // If the team settings do not allow this domain,
+    // throw an error and fail user creation.
+    const domain = email.split("@")[1];
+    if (team && !(await team.isDomainAllowed(domain))) {
+      throw DomainNotAllowedError();
+    }
+
    const defaultUserRole = team?.defaultUserRole;

    const user = await User.create(