Merge pull request #265 from SacNaturalFoods/master

added GOOGLE_WHITE_LISTED_EMAILS setting and updated docs
omab · Feb 23, 2012 · bb5b203 · bb5b203
2 parents a871c71 + b264633
commit bb5b203
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 9 deletions.
diff --git a/doc/backends/google.rst b/doc/backends/google.rst
@@ -33,9 +33,13 @@ anonymous values will be used if not configured as described in their
 
       GOOGLE_OAUTH_EXTRA_SCOPE = [...]
 
-- Supply a list of domain strings to be checked. The default (empty list) allows all domains.  If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
+- Supply a list of Google Apps account domain strings to be checked. The default (empty list) allows all domains.  If a list is provided and a user attempts to sign in with a Google account that is not in the list, then a ValueError will be raised and the user will be redirected to your login error page::
 
-    GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+    GOOGLE_WHITE_LISTED_DOMAINS = ['mygoogleappsdomain.com']
+
+- Supply a list of Google Apps or Gmail email strings to be checked::
+
+    GOOGLE_WHITE_LISTED_EMAILS = ['me@mygoogleappsdomain.com', 'you@gmail.com']
 
 Check which applications can be included in their `Google Data Protocol Directory`_
 
@@ -74,9 +78,13 @@ Google OpenID
 
 Configurable settings:
 
-- Supply a list of domain strings to be checked::
+- Supply a list of Google Apps account domain strings to be checked::
+
+    GOOGLE_WHITE_LISTED_DOMAINS = ['mygoogleappsdomain.com']
+
+- Supply a list of Google Apps or Gmail email strings to be checked::
 
-    GOOGLE_WHITE_LISTED_DOMAINS = ['mydomain.com']
+    GOOGLE_WHITE_LISTED_EMAILS = ['me@mygoogleappsdomain.com', 'you@gmail.com']
 
 
 Orkut

diff --git a/social_auth/backends/google.py b/social_auth/backends/google.py
@@ -49,7 +49,7 @@ class GoogleOAuthBackend(OAuthBackend):
 
     def get_user_id(self, details, response):
         "Use google email as unique id"""
-        validate_allowed_domain(details['email'])
+        validate_whitelists(details['email'])
         return details['email']
 
     def get_user_details(self, response):
@@ -81,7 +81,7 @@ def get_user_id(self, details, response):
         is unique enought to flag a single user. Email comes from schema:
         http://axschema.org/contact/email
         """
-        validate_allowed_domain(details['email'])
+        validate_whitelists(details['email'])
 
         return details['email']
 
@@ -199,11 +199,15 @@ def googleapis_email(url, params):
         return None
 
 
-def validate_allowed_domain(email):
-    """Validates allowed domains against the GOOGLE_WHITE_LISTED_DOMAINS setting.
-    Allows all domains if setting is an empty list.
+def validate_whitelists(email):
+    """Validates allowed domains and emails against the GOOGLE_WHITE_LISTED_DOMAINS 
+    and GOOGLE_WHITE_LISTED_EMAILS settings.
+    Allows all domains or emails if setting is an empty list.
     """
+    emails = setting('GOOGLE_WHITE_LISTED_EMAILS', [])
     domains = setting('GOOGLE_WHITE_LISTED_DOMAINS', [])
+    if emails and email in emails:
+        return # you're good
     if domains and email.split('@', 1)[1] not in domains:
         raise ValueError('Domain not allowed')