From b264633efcb542ed02399463f1a2fbc2d248a258 Mon Sep 17 00:00:00 2001
From: tschmidt
Date: Thu, 23 Feb 2012 10:13:52 -0800
Subject: [PATCH] added GOOGLE_WHITE_LISTED_EMAILS setting and updated docs
---
 doc/backends/google.rst | 16 ++++++++++++----
 social_auth/backends/google.py | 14 +++++++++-----
 2 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/doc/backends/google.rst b/doc/backends/google.rst
index 2867c37..eef9676 100644
--- a/doc/backends/google.rst
+++ b/doc/backends/google.rst
@@ -33,9 +33,13 @@ anonymous values will be used if not configured as described in their
 GOOGLE_OAUTH_EXTRA_SCOPE = [...]
-- Supply a list of domain strings to be checked. The default (empty list) allows all domains. If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+- Supply a list of Google Apps account domain strings to be checked. The default (empty list) allows all domains. If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
- GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+ GOOGLE_WHITE_LISTED_DOMAINS = ['mygoogleappsdomain.com']
+
+- Supply a list of Google Apps or Gmail email strings to be checked::
+
+ GOOGLE_WHITE_LISTED_EMAILS = ['me@mygoogleappsdomain.com', 'you@gmail.com']
 Check which applications can be included in their `Google Data Protocol Directory`_
@@ -74,9 +78,13 @@ Google OpenID
 Configurable settings:
-- Supply a list of domain strings to be checked::
+- Supply a list of Google Apps account domain strings to be checked::
+
+ GOOGLE_WHITE_LISTED_DOMAINS = ['mygoogleappsdomain.com']
+
+- Supply a list of Google Apps or Gmail email strings to be checked::
- GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+ GOOGLE_WHITE_LISTED_EMAILS = ['me@mygoogleappsdomain.com', 'you@gmail.com']
 Orkut
diff --git a/social_auth/backends/google.py b/social_auth/backends/google.py
index c96d4fa..f9d56a5 100644
--- a/social_auth/backends/google.py
+++ b/social_auth/backends/google.py
@@ -49,7 +49,7 @@ class GoogleOAuthBackend(OAuthBackend):
 def get_user_id(self, details, response):
 "Use google email as unique id"""
- validate_allowed_domain(details['email'])
+ validate_whitelists(details['email'])
 return details['email']
 def get_user_details(self, response):
@@ -81,7 +81,7 @@ class GoogleBackend(OpenIDBackend):
 is unique enought to flag a single user. Email comes from schema:
 http://axschema.org/contact/email
 """
- validate_allowed_domain(details['email'])
+ validate_whitelists(details['email'])
 return details['email']
@@ -199,11 +199,15 @@ def googleapis_email(url, params):
 return None
-def validate_allowed_domain(email):
- """Validates allowed domains against the GOOGLE_WHITE_LISTED_DOMAINS setting.
- Allows all domains if setting is an empty list.
+def validate_whitelists(email):
+ """Validates allowed domains and emails against the GOOGLE_WHITE_LISTED_DOMAINS
+ and GOOGLE_WHITE_LISTED_EMAILS settings.
+ Allows all domains or emails if setting is an empty list.
 """
+ emails = setting('GOOGLE_WHITE_LISTED_EMAILS', [])
 domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
+ if emails and email in emails:
+ return # you're good
 if domains and email.split('@', 1)[1] not in domains:
 raise ValueError('Domain not allowed')
--
2.39.5
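Review bot: An email-only allowlist fails open in `validate_whitelists`: when `GOOGLE_WHITE_LISTED_EMAILS` is set and `GOOGLE_WHITE_LISTED_DOMAINS` is left at its empty default, an address that is not in `emails` skips the early return, the `if domains and ...` test is false, and the function returns without raising, so any Google account is accepted. Both `get_user_id` call sites changed in this commit (`GoogleOAuthBackend` and `GoogleBackend`) depend on this check. I would reject the non-listed address when no domain list is configured, by adding `if emails and not domains:` / `raise ValueError('Email not allowed')` right after the early return, and state in the docstring that an address passes when it matches either configured list. Separately, the unchanged `email.split('@', 1)[1]` raises IndexError rather than ValueError for a value with no `@`, which the callers may not handle as a login error (their handling is outside this diff).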