From a581b8177dd6be719a5ef6d3ce4b1e939636bb41 Mon Sep 17 00:00:00 2001
From: shatfield4
Date: Tue, 23 Jan 2024 16:02:10 -0800
Subject: [PATCH] perform more strict domain check when domain restriction is enables
---
 backend/endpoints/auth.js | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/backend/endpoints/auth.js b/backend/endpoints/auth.js
index 28970be6..4f837299 100644
--- a/backend/endpoints/auth.js
+++ b/backend/endpoints/auth.js
@@ -160,18 +160,17 @@ function authenticationEndpoints(app) {
 const domainRestriction = await SystemSettings.get({
 label: "account_creation_domain_scope",
 });
- if (
- !!domainRestriction &&
- domainRestriction.value !== null &&
- !email.includes(domainRestriction.value)
- ) {
- response.status(200).json({
- user: null,
- valid: false,
- token: null,
- message: "[003] Invalid account creation values.",
- });
- return;
+ if (domainRestriction && domainRestriction.value) {
+ const emailDomain = email.substring(email.lastIndexOf("@") + 1);
+ if (emailDomain !== domainRestriction.value) {
+ response.status(200).json({
+ user: null,
+ valid: false,
+ token: null,
+ message: "[003] Invalid account creation values.",
+ });
+ return;
+ }
 }
 const { user, message } = await User.create({ email, password });
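Review bot: The comparison on the new `if (emailDomain !== domainRestriction.value)` line is case-sensitive, but the domain part of an e-mail address is not, so a restriction stored as `Example.com` (or with stray whitespace) would reject every legitimate sign-up, and a lowercase setting would reject `user@Example.com`. Normalise both sides before comparing, e.g. `const emailDomain = email.substring(email.lastIndexOf("@") + 1).trim().toLowerCase();` and `if (emailDomain !== String(domainRestriction.value).trim().toLowerCase()) {`. Note also that `lastIndexOf("@")` returns -1 for an input with no `@`, so `emailDomain` then becomes the whole input; that still fails the equality check unless the input is exactly the bare domain, so rejection of such inputs presumably relies on `User.create` validating the address — worth confirming. The enclosing handler starts and ends outside this hunk, so whether `email` is guaranteed to be a string before this point cannot be seen here.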