Fix the google validate_whitelists function to *fail* when only email…

…s are configured and an email address not in the whitelisted list is given. Also make the validate_whitelists function fail closed. Signed-off-by: David Black <dblack@atlassian.com>
omab · Aug 20, 2013 · 9197d38 · 9197d38
1 parent 9bb9bbf
commit 9197d38
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/social_auth/backends/google.py b/social_auth/backends/google.py
@@ -252,10 +252,13 @@ def validate_whitelists(backend, email):
     """
     emails = setting('GOOGLE_WHITE_LISTED_EMAILS', [])
     domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
-    if emails and email in emails:
-        return  # you're good
-    if domains and email.split('@', 1)[1] not in domains:
-        raise AuthFailed(backend, 'Domain not allowed')
+    if not emails and not domains:
+        return True
+    if email in emails:
+        return True # you're good
+    if email.split('@', 1)[1] in domains:
+        return True
+    raise AuthFailed(backend, 'User not allowed')
 
 
 # Backend definition