Allow configuring the set of email domains from which Persona logins are accepted.

E.g. add the following to only allow Persona logins from email.com and gmail.com email addresses.

  persona_allowed_domains email.com,gmail.com
Rob Vermaas 2014-01-09 13:31:02 +01:00
parent a598fe7e81
commit 3e1a98668f


@ -69,6 +69,20 @@ sub persona_login :Path('/persona-login') Args(0) {
# in URLs. # in URLs.
die "Illegal email address." unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/; die "Illegal email address." unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
# If persona_allowed_domains is set, check if the email address returned is on these domains.
# When not configured, allow all domains.
my $allowed_domains = $c->config->{persona_allowed_domains} || "";
if ( $allowed_domains ne "") {
my $email_ok = 0;
my @domains = split ',', $allowed_domains;
map { $_ =~ s/^\s*(.*?)\s*$/$1/ } @domains;
foreach my $domain (@domains) {
$email_ok = $email_ok || ((split '@', $email)[1] eq $domain);
}
die "Email address is not allowed to login." unless $email_ok;
}
my $user = $c->find_user({ username => $email }); my $user = $c->find_user({ username => $email });
if (!$user) { if (!$user) {
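Review bot: The allow-list comparison `(split '@', $email)[1] eq $domain` is case-sensitive, while the address regex just above accepts upper-case letters, so `user@Gmail.com` is refused when `gmail.com` is configured, and a config entry written with capitals never matches a lower-case address. The check fails closed, so this locks users out rather than letting anyone in, but it is better to normalise both sides once: `my $email_domain = lc((split '@', $email)[1]);` before the loop and `$email_ok ||= $email_domain eq lc $domain;` inside it. The `map { $_ =~ s/^\s*(.*?)\s*$/$1/ } @domains;` runs in void context purely for its side effect; `s/^\s+|\s+$//g for @domains;` says the same thing more directly. Because an unset or empty `persona_allowed_domains` admits every domain, a misspelled key in the config file silently disables the restriction, so the deployment documentation should name the key exactly. persona_login begins and ends outside this hunk, so how `$email` is obtained and verified is not visible here.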