From 3e1a98668fc7840bb09676d4aa82fa32a824d090 Mon Sep 17 00:00:00 2001
From: Rob Vermaas
Date: Thu, 9 Jan 2014 13:31:02 +0100
Subject: [PATCH] Allow configuring a set of domains to allow logins from Persona. E.g. add the following to only allow Persona logins from email.com and gmail.com email addresses. persona_allowed_domains email.com,gmail.com
---
 src/lib/Hydra/Controller/User.pm | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/lib/Hydra/Controller/User.pm b/src/lib/Hydra/Controller/User.pm
index b06c65b6..54e58dfe 100644
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@@ -69,6 +69,20 @@ sub persona_login :Path('/persona-login') Args(0) {
 # in URLs.
 die "Illegal email address." unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
+ # If persona_allowed_domains is set, check if the email address returned is on these domains.
+ # When not configured, allow all domains.
+ my $allowed_domains = $c->config->{persona_allowed_domains} || "";
+ if ( $allowed_domains ne "") {
+ my $email_ok = 0;
+ my @domains = split ',', $allowed_domains;
+ map { $_ =~ s/^\s*(.*?)\s*$/$1/ } @domains;
+
+ foreach my $domain (@domains) {
+ $email_ok = $email_ok || ((split '@', $email)[1] eq $domain);
+ }
+ die "Email address is not allowed to login." unless $email_ok;
+ }
+
 my $user = $c->find_user({ username => $email });
 if (!$user) {
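Review bot: The comparison `(split '@', $email)[1] eq $domain` in the added `foreach` is case-sensitive, although the regex just above accepts upper-case letters and domain names are case-insensitive, so whether an address passes depends on how it and the config value happen to be cased. It fails closed, but I would normalise both sides, e.g. `my $email_domain = lc((split /@/, $email)[1]);` and `my @domains = map { s/^\s+|\s+$//g; lc } split /,/, $allowed_domains;`, then `die "Email address is not allowed to login." unless grep { $_ eq $email_domain } @domains;`. That also replaces the `map` used in void context for its side effect and avoids re-splitting the address on every iteration. A comment stating that matching is exact (a subdomain of a listed domain is not accepted) and that an unset option allows every domain would help whoever configures this. The body of `persona_login` starts and ends outside the hunk.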