[Multi authentication] restrict domains from which accounts can be created #82

Closed
crazyserver opened this issue Sep 16, 2014 · 3 comments

@crazyserver
Contributor

    /**
     * Check an email address against the auth_domain allow-list.
     * Returns true when the address is allowed, or when no list is configured.
     */
    function email_auth_domain($email) {
        $auth_domain = get_config('auth/googleoauth2', 'auth_domain');
        if (!empty($auth_domain)) {
            // The setting is a space-separated list of domain patterns.
            $allowed = explode(' ', $auth_domain);
            foreach ($allowed as $allowedpattern) {
                $allowedpattern = trim($allowedpattern);
                if (!$allowedpattern) {
                    continue;
                }
                if (strpos($allowedpattern, '.') === 0) {
                    if (strpos(strrev($email), strrev($allowedpattern)) === 0) {
                        // Subdomains are in a form ".example.com" - matches "xxx@anything.example.com".
                        return true;
                    }
                } else if (strpos(strrev($email), strrev('@'.$allowedpattern)) === 0) {
                    // A plain pattern must match the whole domain after the "@".
                    return true;
                }
            }
            return false;
        }
        return true;
    }

In loginpage_hook:262

    if (empty($user)) {
        // ADD THIS
        if (!$this->email_auth_domain($useremail)) {
            throw new moodle_exception('emailonlyallowed', '', '', get_config('auth/googleoauth2', 'auth_domain'));
        }
        // ... the existing code of this block continues here.

Also you need to add a parameter auth_domain to the settings form.
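
The allow-list check from the post above as a standalone script, added here as an example; it is not part of the original post or the plugin's code. The helper name `email_domain_allowed`, passing the list as a parameter instead of reading it with `get_config()`, and the sample addresses are assumptions. It goes slightly beyond the posted function by comparing domains in lower case and rejecting malformed addresses.

```php
<?php
// Added example, not the plugin's code. Hypothetical helper: the allow-list is
// passed in as a string instead of being read with get_config(), so the
// script runs outside Moodle.
function email_domain_allowed(string $email, string $authdomain): bool {
    $patterns = preg_split('/\s+/', trim($authdomain), -1, PREG_SPLIT_NO_EMPTY);
    if (!$patterns) {
        return true; // Empty setting: no restriction, as in the posted function.
    }
    $at = strrpos($email, '@');
    if ($at === false || $at === 0 || $at === strlen($email) - 1) {
        return false; // Not a usable address: fail closed.
    }
    // Domain names are case-insensitive, so compare in lower case.
    $domain = strtolower(substr($email, $at + 1));
    foreach ($patterns as $pattern) {
        $pattern = strtolower($pattern);
        if ($pattern[0] === '.') {
            // ".example.com" allows subdomains only, via suffix match.
            if (strlen($domain) > strlen($pattern)
                    && substr($domain, -strlen($pattern)) === $pattern) {
                return true;
            }
        } else if ($domain === $pattern) {
            // "example.com" allows exactly that domain.
            return true;
        }
    }
    return false;
}

// Constructed sample input: allow-list and addresses with the expected result.
$allowed = 'example.com .campus.example.org';
$samples = [
    'alice@example.com'          => true,
    'Alice@EXAMPLE.COM'          => true,  // differs only in case
    'bob@lab.campus.example.org' => true,  // subdomain pattern
    'bob@campus.example.org'     => false, // ".campus..." needs a subdomain
    'eve@notexample.com'         => false, // allowed name as a bare suffix
    'eve@example.com.other.test' => false, // allowed name as a prefix
    'no-at-sign'                 => false,
];
foreach ($samples as $email => $expected) {
    $got = email_domain_allowed($email, $allowed);
    printf("%-28s %-7s %s\n", $email, $got ? 'allow' : 'reject',
        $got === $expected ? 'ok' : 'MISMATCH');
}
```

The posted function compares with a case-sensitive `strpos()`, so it returns false for the second sample address; the other rows give the same result in both versions.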


@mouneyrac
Collaborator

Hi Pau,
thanks for this suggestion.

What is your use case? I understand that you may want to use the global allowemailaddresses for all other authentication and your settings for the oauth2 auth only; however, I am interested to know what your use case is. As allowemailaddresses already exists at the global level, your use case may be very specific.

My concern is to avoid adding too many features, so I would like to know if it is a potential use case that many people are going to face.

@crazyserver
Contributor Author

The use case is to allow logging in any user with the account already created, but not to allow creating new accounts for these domains. This feature only makes sense if users with manual accounts can log in with OAuth, as I suggest in #79.

@mouneyrac mouneyrac changed the title Restrict domains from which accounts can be created [Multi authentication] restrict domains from which accounts can be created Nov 29, 2014
@mouneyrac mouneyrac added the ready label Jul 7, 2015
@mouneyrac mouneyrac added this to the 2.3 release milestone Nov 6, 2015
@mouneyrac mouneyrac removed the ready label Dec 12, 2015
@mouneyrac mouneyrac modified the milestone: 2.3 release Dec 12, 2015
@rabser
Owner

rabser commented Apr 22, 2017

Patch accepted in the next release

@rabser rabser closed this as completed Apr 22, 2017