GOOGLE_OAUTH_EXTRA_SCOPE = [...]
+- Supply a list of domain strings to be checked. The default (empty list) allows all domains. If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+
+ GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+
Check which applications can be included in their `Google Data Protocol Directory`_
Configurable settings:
-- Supply a list of domain strings to be checked. The default (empty list) allows all domains. If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+- Supply a list of domain strings to be checked::
GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
def get_user_id(self, details, response):
"Use google email as unique id"""
+ validate_allowed_domain(details['email'])
return details['email']
def get_user_details(self, response):
is unique enought to flag a single user. Email comes from schema:
http://axschema.org/contact/email
"""
- # White listed domains (accepts all if list is empty)
- domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
- if domains and details['email'].split('@', 1)[1] not in domains:
- raise ValueError('Domain not allowed')
+ validate_allowed_domain(details['email'])
return details['email']
return None
+def validate_allowed_domain(email):
+ """Validates allowed domains against the GOOGLE_WHITE_LISTED_DOMAINS setting.
+ Allows all domains if setting is an empty list.
+ """
+ domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
+ if domains and email.split('@', 1)[1] not in domains:
+ raise ValueError('Domain not allowed')
+
+
+
# Backend definition
BACKENDS = {
'google': GoogleAuth,
projects / django-social-auth.git / commitdiff