Use regex searching instead of endswith() in admin_oauth

matthiask · May 17, 2017 · 72ab4b4 · 72ab4b4
1 parent c345781
commit 72ab4b4
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 5 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -5,6 +5,10 @@ Change log
 `Next version`_
 ===============
 
+- Moved from ``ADMIN_OAUTH_DOMAINS`` to ``ADMIN_OAUTH_PATTERNS`` to
+  allow regular expression searching.
+
+
 `0.4`_ (2017-05-11)
 ===================
 

diff --git a/README.rst b/README.rst
@@ -114,11 +114,11 @@ Installation is as follows:
   ``django.contrib.admin``, so that our login template is picked up.
 - Add ``GOOGLE_CLIENT_ID`` and ``GOOGLE_CLIENT_SECRET`` to your settings
   as described above.
-- Add a ``ADMIN_OAUTH_DOMAINS`` setting (the first item is the domain,
+- Add a ``ADMIN_OAUTH_PATTERNS`` setting (the first item is the domain,
   the second the email address of an existing staff account)::
 
-    ADMIN_OAUTH_DOMAINS = [
-        ('@example.com', 'admin@example.com'),
+    ADMIN_OAUTH_PATTERNS = [
+        (r'@example\.com$', 'admin@example.com'),
     ]
 
 - Add an entry to your URLconf::

diff --git a/authlib/admin_oauth/views.py b/authlib/admin_oauth/views.py
@@ -1,3 +1,5 @@
+import re
+
 from django.conf import settings
 from django.contrib import auth, messages
 from django.shortcuts import redirect
@@ -9,6 +11,7 @@
 
 
 REDIRECT_SESSION_KEY = 'admin-oauth-next'
+ADMIN_OAUTH_PATTERNS = settings.ADMIN_OAUTH_PATTERNS
 
 
 def retrieve_next(request):
@@ -31,8 +34,8 @@ def admin_oauth(request):
     email = user_data.get('email', '')
 
     if email:
-        for domain, user_mail in settings.ADMIN_OAUTH_DOMAINS:
-            if email.endswith(domain):
+        for pattern, user_mail in ADMIN_OAUTH_PATTERNS:
+            if re.search(pattern, email):
                 user = auth.authenticate(email=user_mail)
                 if user and user.is_staff:
                     auth.login(request, user)