arkrwn commented Jan 6, 2020

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS

Thus all who have an email with a domain that is whitelisted will be able to log in, limited only to active, and thus will not be redirected to the login page

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS

Thus all who have an email that is whitelisted will be able to log in, limited only to active, and thus will not be redirected to the login page

SOCIAL_AUTH_LOGIN_ERROR_URL

Set redirection to some path if the user got rejected

SOCIAL_AUTH_BACKEND_ERROR_URL

Set redirection to some path if the backend cannot handle the request for login


EXAMPLE

ONLY allow emails with the example.com domain to register / login:

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com']
SOCIAL_AUTH_LOGIN_ERROR_URL = '/login'
SOCIAL_AUTH_BACKEND_ERROR_URL = '/login'

ONLY allow the email john.doe@example.com to register / login:

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = ['john.doe@example.com']
SOCIAL_AUTH_LOGIN_ERROR_URL = '/login'
SOCIAL_AUTH_BACKEND_ERROR_URL = '/login'

Note: the whitelisted DOMAINS and EMAILS can each be set to multiple values; separate the values with a comma (,)


Note: DefectDojo is now on Python3 and Django 2.2.1. Please submit your pull requests to the 'dev' branch as the 'legacy-python2.7' branch is only for bug fixes. Any new features submitted to the legacy branch will be ignored and closed.

When submitting a pull request, please make sure you have completed the following checklist:

  • Your code is flake8 compliant
  • Your code is python 3.5 compliant
  • If this is a new feature and not a bug fix, you've included the proper documentation in the ReadTheDocs documentation folder. https://github.com/DefectDojo/Documentation/tree/master/docs or provide feature documentation in the PR.
  • Model changes must include the necessary migrations in the dojo/dd_migrations folder.
  • Add applicable tests to the unit tests.

Both the whitelisted DOMAINS and EMAILS can be set to multiple values; separate the values with a comma (,)

Example:

SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com','example.co.id']

It will allow ONLY emails with the example.com and example.co.id domains to register / login.
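
An added example, not part of the original pull request and not DefectDojo's or python-social-auth's own code: a simplified Python model of how a domain/e-mail allow-list like the two settings above can be evaluated. The function names and the semantics (exact, case-insensitive matching; a hit in either list is sufficient; empty lists mean no restriction; malformed addresses are rejected) are assumptions made for illustration.

```python
# Added illustration: simplified model of an e-mail/domain allow-list check.
# Names are hypothetical; this is not DefectDojo or python-social-auth code.


def normalize(values):
    """Lower-case and strip entries; reject a bare string given instead of a list."""
    if isinstance(values, str):
        raise TypeError("allow-list must be a list, e.g. ['example.com']")
    return {v.strip().lower() for v in values if v.strip()}


def is_allowed(email, domains=(), emails=()):
    """Return True if `email` passes the allow-lists.

    Assumed semantics: an exact e-mail match OR an exact domain match is
    sufficient; if both lists are empty, no restriction applies.
    """
    domains, emails = normalize(domains), normalize(emails)
    if not domains and not emails:
        return True
    email = email.strip().lower()
    if email.count("@") != 1:
        return False  # malformed address: fail closed (assumption of this model)
    domain = email.split("@")[1]
    return email in emails or domain in domains


# Constructed sample configuration, mirroring the values used in the PR text.
DOMAINS = ["example.com", "example.co.id"]
EMAILS = ["john.doe@example.com"]

if __name__ == "__main__":
    # Constructed sample addresses: suffix, subdomain and prefix look-alikes
    # must not pass an exact-match domain allow-list.
    for candidate in [
        "alice@example.com",
        "Bob@EXAMPLE.CO.ID",
        "eve@example.com.attacker.test",
        "eve@sub.example.com",
        "eve@notexample.com",
    ]:
        print(f"{candidate:32} allowed={is_allowed(candidate, DOMAINS)}")
```

When relying on these settings, confirm against the installed python-social-auth version how empty lists and a missing e-mail claim are treated, since this model's fail-closed choices are assumptions.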

arkrwn commented Jan 6, 2020

This is for issue #1697, and it can be awesome if combined with setting user.is_staff = False in **dojo/pipeline.py**, so by default an allowed user will be set as active, not staff and/or admin; they need to have approval from their supervisor and/or manager to raise their status to staff or admin.

madchap requested review from Maffooch and madchap January 7, 2020 10:56

madchap left a comment

Yep, as discussed, good with me. Actually proceeding with this.

Maffooch merged commit ce67e80 into DefectDojo:dev Jan 7, 2020