aboutsummaryrefslogtreecommitdiff
path: root/server/auth/google
AgeCommit message (Collapse)Author
2016-06-14Update whitelistingNiall Sheridan
Whitelist Google users based on their email address instead of the username part of the email address. Plain gmail (non Google Apps) accounts don't necessarily end in '@gmail.com', and whitelisting on username alone is open to abuse. Skip testing for a Google Apps domain (ui.Hd) if no domain is configured. Principals will still be added as the user part of the email address. For the Github provider, skip checking that the user is a member of an organization is none is configured.
2016-06-14Add support for a users whitelistMarco Bonetti
2016-06-06Save oauth 'state' identifier in the clientNiall Sheridan
2016-06-02Validate tokens correctlyNiall Sheridan
This switch statement doesn't do what I thought it does
2016-05-24Don't allow wide-open Google or Github configsPatrick O'Doherty
Fail loudly if either the google_opts domain value or github_opts organization values are not set in the configuration. The lack of these values means that a) in the Google case any @gmail.com address will be allowed b) the Github case any Github user will be allowed. This was previously documented but left as a foot-gun in the code. Future commits will allow for explicit wildcards to be set.
2016-04-21Fix testNiall Sheridan
2016-04-21Just make ProviderOpts a map[string]string.Niall Sheridan
I have no idea why I made it a map[string]interface{} and it's a pain to deal with.
2016-04-21Some small fixes.Niall Sheridan
Rename 'GoogleOpts' to 'ProviderOpts'. Rename Principals to AdditionalPrincipals to match the config option.
2016-04-20Add comments.Niall Sheridan
2016-04-20dumb tests for the google auth providerNiall Sheridan
2016-04-20dumb tests for the google auth providerNiall Sheridan
2016-04-18Initial commitNiall Sheridan