added GOOGLE_WHITE_LISTED_EMAILS setting and updated docs

diff --git a/doc/backends/google.rst b/doc/backends/google.rst
index 2867c37bad4dc409b953fa9138493507b4bf6c7d..eef96766e2d106bce5b3b17226a102c47d2e39b9 100644 (file)
--- a/doc/backends/google.rst
+++ b/doc/backends/google.rst
@@ -33,9 +33,13 @@ anonymous values will be used if not configured as described in their
 
       GOOGLE_OAUTH_EXTRA_SCOPE = [...]
 
-- Supply a list of domain strings to be checked. The default (empty list) allows all domains.  If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+- Supply a list of Google Apps account domain strings to be checked. The default (empty list) allows all domains.  If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
 
-    GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+    GOOGLE_WHITE_LISTED_DOMAINS = ['mygoogleappsdomain.com']
+
+- Supply a list of Google Apps or Gmail email strings to be checked::
+
+    GOOGLE_WHITE_LISTED_EMAILS = ['me@mygoogleappsdomain.com', 'you@gmail.com']
 
 Check which applications can be included in their `Google Data Protocol Directory`_
 
@@ -74,9 +78,13 @@ Google OpenID
 
 Configurable settings:
 
-- Supply a list of domain strings to be checked::
+- Supply a list of Google Apps account domain strings to be checked::
+
+    GOOGLE_WHITE_LISTED_DOMAINS = ['mygoogleappsdomain.com']
+
+- Supply a list of Google Apps or Gmail email strings to be checked::
 
-    GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+    GOOGLE_WHITE_LISTED_EMAILS = ['me@mygoogleappsdomain.com', 'you@gmail.com']
 
 
 Orkut

diff --git a/social_auth/backends/google.py b/social_auth/backends/google.py
index c96d4fa8a4846ff51563db7058c9e595e760e130..f9d56a5d1570213f28edca5ab959c1368051c600 100644 (file)
--- a/social_auth/backends/google.py
+++ b/social_auth/backends/google.py
@@ -49,7 +49,7 @@ class GoogleOAuthBackend(OAuthBackend):
 
     def get_user_id(self, details, response):
         "Use google email as unique id"""
-        validate_allowed_domain(details['email'])
+        validate_whitelists(details['email'])
         return details['email']
 
     def get_user_details(self, response):
@@ -81,7 +81,7 @@ class GoogleBackend(OpenIDBackend):
         is unique enought to flag a single user. Email comes from schema:
         http://axschema.org/contact/email
         """
-        validate_allowed_domain(details['email'])
+        validate_whitelists(details['email'])
 
         return details['email']
 
@@ -199,11 +199,15 @@ def googleapis_email(url, params):
         return None
 
 
-def validate_allowed_domain(email):
-    """Validates allowed domains against the GOOGLE_WHITE_LISTED_DOMAINS setting.
-    Allows all domains if setting is an empty list.
+def validate_whitelists(email):
+    """Validates allowed domains and emails against the GOOGLE_WHITE_LISTED_DOMAINS 
+    and GOOGLE_WHITE_LISTED_EMAILS settings.
+    Allows all domains or emails if setting is an empty list.
     """
+    emails = setting('GOOGLE_WHITE_LISTED_EMAILS', [])
     domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
+    if emails and email in emails:
+        return # you're good
     if domains and email.split('@', 1)[1] not in domains:
         raise ValueError('Domain not allowed')