author | Marco Bonetti <marco@intercom.io> | 2016-06-10 14:11:54 +0100 |
---|---|---|
committer | Marco Bonetti <marco@intercom.io> | 2016-06-14 09:26:29 +0100 |
commit | a03243a826bb4eb5eebad19133f6b15e2f5dfdc2 (patch) | |
tree | bedda3934ce501a32f2f13b00b1929e458170cc7 /server/auth/google | |
parent | c074b8694f28ab6b3cc1ccb31474cfa507f73e81 (diff) |
Add support for a users whitelist
Diffstat (limited to 'server/auth/google')
-rw-r--r-- | server/auth/google/google.go | 19 | ||||
-rw-r--r-- | server/auth/google/google_test.go | 2 |
2 files changed, 15 insertions, 6 deletions
diff --git a/server/auth/google/google.go b/server/auth/google/google.go
index e2c6724..3a833ab 100644
--- a/server/auth/google/google.go
+++ b/server/auth/google/google.go
@@ -22,14 +22,19 @@ const (
 // Config is an implementation of `auth.Provider` for authenticating using a
 // Google account.
 type Config struct {
- config *oauth2.Config
- domain string
+ config *oauth2.Config
+ domain string
+ whitelist map[string]bool
 }
 // New creates a new Google provider from a configuration.
 func New(c *config.Auth) (auth.Provider, error) {
- if c.ProviderOpts["domain"] == "" {
- return nil, errors.New("google_opts domain must not be empty")
+ uw := make(map[string]bool)
+ for _, u := range c.UsersWhitelist {
+ uw[u] = true
+ }
+ if c.ProviderOpts["domain"] == "" && len(uw) == 0 {
+ return nil, errors.New("google_opts domain and the users whitelist must not be both empty")
 }
 return &Config{
@@ -40,7 +45,8 @@ func New(c *config.Auth) (auth.Provider, error) {
 Endpoint: google.Endpoint,
 Scopes: []string{googleapi.UserinfoEmailScope, googleapi.UserinfoProfileScope},
 },
- domain: c.ProviderOpts["domain"],
+ domain: c.ProviderOpts["domain"],
+ whitelist: uw,
 }, nil
 }
@@ -56,6 +62,9 @@ func (c *Config) Name() string {
 // Valid validates the oauth token.
 func (c *Config) Valid(token *oauth2.Token) bool {
+ if len(c.whitelist) == 0 && !c.whitelist[c.Username(token)] {
+ return false
+ }
 if !token.Valid() {
 return false
 }
diff --git a/server/auth/google/google_test.go b/server/auth/google/google_test.go
index 9970c21..b80c4bf 100644
--- a/server/auth/google/google_test.go
+++ b/server/auth/google/google_test.go
@@ -33,7 +33,7 @@ func TestNewWithoutDomain(t *testing.T) {
 domain = ""
 _, err := newGoogle()
- a.EqualError(err, "google_opts domain must not be empty")
+ a.EqualError(err, "google_opts domain and the users whitelist must not be both empty")
 domain = "example.com"
 }
|
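Review bot: The loop in New that fills `uw` stores every entry of `c.UsersWhitelist` verbatim, so a blank entry or a differently-cased address becomes a key. A single empty string makes `len(uw) == 0` false, which lets a configuration with no domain and no real user pass the new check; and if `Username` (not visible in this hunk) can return an empty string on failure, that key would match it. I would skip blanks and normalise once at load time, for example `if u = strings.ToLower(strings.TrimSpace(u)); u != "" { uw[u] = true }`, assuming the addresses are meant to compare case-insensitively, and apply the same normalisation at lookup. The body of New continues outside the hunk.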
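Review bot: The whitelist guard added at the top of Valid is inverted: `len(c.whitelist) == 0 && !c.whitelist[...]` is true exactly when the whitelist is empty, so a domain-only configuration rejects every token while a configured whitelist is never consulted. The condition should read `if len(c.whitelist) > 0 && !c.whitelist[c.Username(token)] {`, and it should sit below the existing `!token.Valid()` check so `Username` is not called with an expired or empty token. Because New now accepts an empty domain when a whitelist is set, the rest of Valid, which lies outside this hunk, needs checking for how it treats `c.domain == ""`. The google_test.go hunk only updates the error string; tests for a whitelist-only and a domain-only configuration would have caught the inversion.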