From 720deb56cbccd6d0a44bdecffaf94202523b70d1 Mon Sep 17 00:00:00 2001
From: tschmidt
Date: Mon, 16 Jan 2012 15:06:41 -0800
Subject: [PATCH] restrict google login by white-listed domains
---
 social_auth/backends/google.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/social_auth/backends/google.py b/social_auth/backends/google.py
index 21b5453..a29ca54 100644
--- a/social_auth/backends/google.py
+++ b/social_auth/backends/google.py
@@ -46,6 +46,8 @@ GOOGLE_OPENID_URL = 'https://www.google.com/accounts/o8/id'
 EXPIRES_NAME = getattr(settings, 'SOCIAL_AUTH_EXPIRATION', 'expires')
+# white-listed domains (else accept all)
+WHITE_LISTED_DOMAINS = getattr(settings, 'WHITE_LISTED_DOMAINS', None)
 # Backends
 class GoogleOAuthBackend(OAuthBackend):
@@ -81,8 +83,15 @@ class GoogleBackend(OpenIDBackend):
 """Return user unique id provided by service. For google user email is unique enought to flag a single user. Email comes from schema: http://axschema.org/contact/email"""
+ # only include white-listed domains
+ import re
+ for domain in WHITE_LISTED_DOMAINS:
+ if not re.search(domain, details['email']):
+ raise Exception, 'INVALID DOMAIN'
+
 return details['email']
+
 # Auth classes
 class GoogleAuth(OpenIdAuth):
 """Google OpenID authentication"""
-- 
2.39.5
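Review bot: The new setting in the first hunk is read as `WHITE_LISTED_DOMAINS`, without the `SOCIAL_AUTH_` prefix that the neighbouring `SOCIAL_AUTH_EXPIRATION` lookup uses, so it can collide with an unrelated project setting and does not show that it gates only the Google OpenID backend. A prefixed, backend-specific name would be clearer. The comment should also state the expected entry format, for example `# list of exact e-mail domains allowed to log in; unset or empty accepts all`, since the check in the second hunk currently interprets entries as regular expressions.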
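Review bot: The allow-list check added to get_user_id in the second hunk can be bypassed, and it also breaks the default configuration. `re.search(domain, details['email'])` treats each entry as an unanchored regex, so a constructed entry such as `example.com` also accepts addresses where that text merely appears in the local part or as the prefix of a longer domain, and `.` matches any character. The loop raises as soon as one entry fails to match, so with more than one configured domain an address would have to match all of them; and when the setting is absent `WHITE_LISTED_DOMAINS` is `None`, so the `for` raises TypeError instead of accepting all as the comment in the first hunk promises. Assuming entries are meant to be plain domain names, compare the part after the last `@` for equality against the list and skip the check when the list is unset or empty, as sketched below. The method's `def` line is outside the hunk.

```python
        # … unchanged: get_user_id docstring …
        email = details['email']
        if WHITE_LISTED_DOMAINS:
            # exact, case-insensitive match on the domain part only
            domain = email.rsplit('@', 1)[-1].lower()
            allowed = [d.lower() for d in WHITE_LISTED_DOMAINS]
            if domain not in allowed:
                raise Exception('INVALID DOMAIN')
        return email
```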