mirror of https://github.com/openstf/stf synced 2025-10-04 18:29:17 +02:00

Email domain restriction added for OAuth2 authorization.

Karol Wrótniak 2017-01-27 22:02:41 +01:00
parent 79aadbb090
commit 8b9ff7e580
No known key found for this signature in database
GPG key ID: DE1EED7FE32385FE
2 changed files with 21 additions and 3 deletions


@ -28,10 +28,20 @@ module.exports = function(options) {
, session: false
}))
function isEmailAllowed(email) {
if (email) {
if (options.domain) {
return email.endsWith(options.domain)
}
return true
}
return false
}
app.get(
'/auth/oauth/callback'
, function(req, res) {
if (req.user.email) {
if (isEmailAllowed(req.user.email)) {
res.redirect(urlutil.addParams(options.appUrl, {
jwt: jwtutil.encode({
payload: {
@ -46,8 +56,9 @@ module.exports = function(options) {
}))
}
else {
log.warn('Missing email in profile', req.user)
res.redirect('/auth/oauth/')
log.warn('Missing or disallowed email in profile', req.user)
res.send('<html><body>Missing or rejected email address ' +
'<a href="/auth/oauth/">Retry</a></body></html>')
}
}
)
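Review bot: In `isEmailAllowed` (first hunk), `email.endsWith(options.domain)` is a plain suffix match, so if the option is configured as a bare name such as `example.com` (constructed sample), an address at any other domain that merely ends in that string is accepted as well. Anchoring the comparison at the `@` and normalising case closes the gap: `return email.toLowerCase().endsWith('@' + options.domain.toLowerCase())`, assuming the option is documented as the bare domain without a leading `@`. The check also relies on `req.user.email` exactly as it arrives in the provider's profile; whether the provider guarantees that address is verified is not visible here and should be confirmed before the domain is treated as an access control. The enclosing `module.exports` function starts and ends outside these hunks.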