Merge branch 'master' of github.com:omab/django-social-auth

omab · Feb 21, 2012 · 42c0ea8 · 42c0ea8
2 parents 6834779 + cc671a0
commit 42c0ea8
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 5 deletions.
diff --git a/doc/backends/google.rst b/doc/backends/google.rst
@@ -33,6 +33,10 @@ anonymous values will be used if not configured as described in their
 
       GOOGLE_OAUTH_EXTRA_SCOPE = [...]
 
+- Supply a list of domain strings to be checked. The default (empty list) allows all domains.  If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+
+    GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+
 Check which applications can be included in their `Google Data Protocol Directory`_
 
 
@@ -70,7 +74,7 @@ Google OpenID
 
 Configurable settings:
 
-- Supply a list of domain strings to be checked. The default (empty list) allows all domains.  If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+- Supply a list of domain strings to be checked::
 
     GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
 

diff --git a/social_auth/backends/google.py b/social_auth/backends/google.py
@@ -49,6 +49,7 @@ class GoogleOAuthBackend(OAuthBackend):
 
     def get_user_id(self, details, response):
         "Use google email as unique id"""
+        validate_allowed_domain(details['email'])
         return details['email']
 
     def get_user_details(self, response):
@@ -80,10 +81,7 @@ def get_user_id(self, details, response):
         is unique enought to flag a single user. Email comes from schema:
         http://axschema.org/contact/email
         """
-        # White listed domains (accepts all if list is empty)
-        domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
-        if domains and details['email'].split('@', 1)[1] not in domains:
-            raise ValueError('Domain not allowed')
+        validate_allowed_domain(details['email'])
 
         return details['email']
 
@@ -201,6 +199,16 @@ def googleapis_email(url, params):
         return None
 
 
+def validate_allowed_domain(email):
+    """Validates allowed domains against the GOOGLE_WHITE_LISTED_DOMAINS setting.
+    Allows all domains if setting is an empty list.
+    """
+    domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
+    if domains and email.split('@', 1)[1] not in domains:
+        raise ValueError('Domain not allowed')
+
+
+
 # Backend definition
 BACKENDS = {
     'google': GoogleAuth,