Allow multiple domains

Allow specifying a comma separated list for the domain the users can login from
jenkinsci · Feb 19, 2016 · 6fea3b2 · 6fea3b2
1 parent ea7fbf8
commit 6fea3b2
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java b/src/main/java/org/jenkinsci/plugins/googlelogin/GoogleOAuth2SecurityRealm.java
@@ -64,6 +64,7 @@
 
 import java.io.IOException;
 import java.util.Arrays;
+import java.util.StringTokenizer;
 
 /**
  * Login with Google using OpenID Connect / OAuth 2
@@ -173,8 +174,15 @@ public HttpResponse onSuccess(String authorizationCode) {
                     IdTokenResponse response = IdTokenResponse.execute(
                             flow.newTokenRequest(authorizationCode).setRedirectUri(buildOAuthRedirectUrl()));
                     IdToken idToken = IdToken.parse(JSON_FACTORY,response.getIdToken());
-                    if (domain != null && ! domain.equals(idToken.getPayload().get("hd"))) {
-                        return HttpResponses.errorWithoutStack(401, "Unauthorized");
+                    if (domain != null) {
+                        StringTokenizer tokenizer = new StringTokenizer(domain, ",");
+                        boolean validDomain = false;
+                        while (!validDomain && tokenizer.hasMoreElements()) {
+                           validDomain = tokenizer.nextToken().equals(idToken.getPayload().get("hd"));
+                        }
+                        if (!validDomain) {
+                            return HttpResponses.errorWithoutStack(401, "Unauthorized");
+                        }
                     }
                     final Credential credential = flow.createAndStoreCredential(response, null);