Require email address to match domain

[mhkeller]

When registering for an account, it would be great to restrict that ability to only users of a certain email domain.

[gmsecrieru]

👍 Looks like a great settings-based feature!

[Ribeiro]

@gmsecrieru Could you please give some example on this requirement? Maybe I could work on this! Thankx =)

[gmsecrieru]

@Ribeiro Well, I think there's more to the picture than meets the eye, but to get things moving you could:

• Create a new Admin setting for the domain restriction - ref. here
• Change Registrarion form validation based on the setting.

Feel free to ping us on the Demo Server should you have any questions, and thanks for your help!

[emcguinness]

Definately sounds like a useful feature, just a few thoughts. First on features. Domain lockdown should not be to a single domain, it should be a list you can optionally add multiple domains to, bonus points if they accept regex. An option to negate the list to turn it into a blacklist could be handy for some people.

Then just a thought on implementation, how does this interact with the other login methods(Google, github, etc)? Easiest option is to have it work only with local logins, perhaps with a warning if you enable the feature while you have a third party sign in option enabled? The more useful, but perhaps complex, option could be to have it apply to these alternative login methods where it makes sense(for example gmail as that is also still an email address).

These are just some ramblings, feel free to ignore part or all of the above message.

[gmsecrieru]

@emcguinness Thanks for putting this down!

👍 for allowing a list of domains, but that might require a few tweaks on the RocketChat.Settings behavior or a new type of setting -- just a guess here, would have to dig further to confirm. Pertaining to other logins methods, I see at least two roads:

1. Disable other login methods, as e-mail registration is currently our default-by-design option
2. Keep other methods setup but (obviously) limit e-mail registration to the whitelist

Maybe we should stick with a simpler/less complex scenario for this feature at this point, so that we can have more people contributing :)

[mhkeller]

Thanks for working on this! As a lazy way of implementing a list if that settings type doesn't yet exist would be ask for a comma-delimited string. In case they add spaces you could trim after you split on the comma.

Le Oct 7, 2015 à 07:20, George Secrieru notifications@github.com a écrit :

@emcguinness Thanks for putting this down!

:+1 for allowing a list of domains, but that might require a few tweaks on the RocketChat.Settings behavior or a new type of setting -- just a guess here, would have to dig further to confirm. Pertaining to other logins methods, I see at least two roads:

Disable other login methods, as e-mail registration is currently our default-by-design option
Keep other methods setup but (obviously) limit e-mail registration to the whitelist
Maybe we should stick with a simpler/less complex scenario for this feature at this point, so that we can have more people contributing :)

—
Reply to this email directly or view it on GitHub.

[Ribeiro]

@gmsecrieru I was just taking a look at the code and it seems I need manipulate:

1. RocketChat.settings => adding valid domains range;
2. accounts.coffee => should implement and call a function to validate user´s email if it is within RocketChat,settings valid domains range on Accounts.onCreateUser().

Am I taking the right approach? Please, let me know. Thankx !

[gmsecrieru]

@Ribeiro Maybe we can leverage on configuration, looks like we have restrictCreationByEmailDomain for this!

[Ribeiro]

@gmsecrieru So on Rocket.Chat/server/lib/accounts.coffee we would use:

Accounts.config({
restrictCreationByEmailDomain: function(email) {
var domain = email.slice(email.lastIndexOf("@")+1); // or regex
var allowed = ["gmail.com", "outlook.com"];
return _.contains(allowed, domain);
},
...
});

Am I on the right direction here? ;)

[Ribeiro]

@gmsecrieru What do you think? Is there a domain whitelist? =)

[gmsecrieru]

@Ribeiro Sorry, been busy setting up unit tests. I will have this reviewed ASAP.

Thanks again for your effort!

[Ribeiro]

@gmsecrieru I´ve tried the meteor restrictCreationByEmailDomain approach but it refuses to accept a function as argument. It only accepts a string as argument. =(

[gmsecrieru]

@Ribeiro please have a look here