Restrict uninvited signups from configured domains

tramlinehq · Oct 10, 2023 · 1e281e6 · tachyons · Oct 10, 2023 · 1e281e6
1 parent 9f251b1
commit 1e281e6
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 0 deletions.
diff --git a/.env.development b/.env.development
@@ -15,3 +15,4 @@ BILLING_URL=https://billing.stripe.com/p/login
 SENTRY_SECURITY_HEADER_ENDPOINT=
 SESSION_TIMEOUT_IN_MINUTES=7200
 JUNE_ANALYTICS_KEY=
+DISALLOWED_SIGN_UP_DOMAINS=
diff --git a/app/models/accounts/user.rb b/app/models/accounts/user.rb
@@ -52,12 +52,28 @@ class Accounts::User < ApplicationRecord
 
   accepts_nested_attributes_for :organizations
 
+  def self.valid_email_domain?(user)
+    return false if user.email.blank?
+    begin
+      disallowed_domains = ENV["DISALLOWED_SIGN_UP_DOMAINS"].split(",")
+      parsed_email = Mail::Address.new(user.email)
+      disallowed_domains.include?(parsed_email.domain)
+    rescue
+      false
+    end
+  end
+
   def self.onboard(user)
     if find_by(email: user.email)
       user.errors.add(:account_exists, "you already have an account with tramline!")
       return user
     end
 
+    if valid_email_domain?(user)
+      user.errors.add(:email, :invalid_domain)
+      return
+    end
+
     new_organization = user.organizations.first
     new_membership = user.memberships.first
     new_organization.status = Accounts::Organization.statuses[:active]

diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -108,6 +108,7 @@ en:
               not_blank: "The email can't be blank"
               already_taken: "This email has already been taken"
               too_long: "The email is too long (maximum is 105 characters)"
+              invalid_domain: "This email domain is invite-only. Please use a different address or contact support!"
         accounts/invite:
           attributes:
             role: