ResultadosDigitais / matrix

#matrix is the online open-source workplace inspired by sococo.com for distributed teams to have the experience of working together each day, side-by-side, no matter where team members might be. Working in an online workplace is even more productive when people feel they are in the same space.
MIT License

Whitelist domain doesn't work #368

Open nataliavaz opened 3 years ago

nataliavaz commented 3 years ago

Subject of the issue

Whitelist domain doesn't work

Steps to reproduce

Try to log in with a domain that is not whitelisted.

Expected behaviour

Login should work just with the whitelisted domains

Actual behaviour

I can log in to Matrix with any domain

ezlage commented 3 years ago

This same problem is happening to me too!

juliemar commented 3 years ago

Hi, could you share your whitelisted configuration?

ezlage commented 3 years ago

Sure! Thank you!

This is my configuration:

WHITELIST_DOMAINS=["lageteck.com.br","lageteck.com"]

Despite this, I can log in with @gmail.com accounts. My OAuth2 configuration follows the settings above.

nataliavaz commented 3 years ago

My config is the same as yours.

samuelrcarvalho commented 3 years ago

Try regenerating the Sign-In client-id and restarting the application. I had this problem a while ago. At that time, I thought that Google had changed the authentication method. After I regenerated it, it worked perfectly.

ezlage commented 3 years ago

Thanks for your help, @samuelrcarvalho!

Unfortunately, I tried the procedure and it was still possible to connect with an account I shouldn't be able to.

renatocmaia commented 3 years ago

This same problem is happening to me too.

My configuration:

WHITELIST_DOMAINS=["buy4.com.br"]

ezlage commented 3 years ago

Because of another problem (issue #371), I switched the production environment from the master to another branch, and the problem reported here has also been solved.


git clone https://github.com/ResultadosDigitais/matrix -b '#341-add-i18n' matrix

ezlage commented 3 years ago

Unfortunately, my happiness did not last. After more careful testing, I came to the conclusion that the problem persists. I'm working around the problem with this:


WHITELIST_USERS=["alias1@domain.tld","alias2@domain.tld"]

renatocmaia commented 3 years ago

Hello guys, I think the problem is here:

Actual code (file: backend/app/services/auth/index.js, lines 9 and 11):

var isAuthorized = domainAuthorization(getAllowedDomains());
isAuthorized = userAuthorization(getAllowedUsers());

This var isAuthorized is replacing the second var.

Should be:

var isAuthorized = domainAuthorization(getAllowedDomains());

if (!isAuthorized) {
  isAuthorized = userAuthorization(getAllowedUsers());
}

After testing, this code works for me.
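
The overwrite pattern quoted in the last comment, as an added example that is not the project's code: it shows how reassigning `isAuthorized` discards the domain check and how composing both checks keeps it. The helper bodies, the `buildOverwritten`/`buildComposed` names, the sample addresses, and the "empty whitelist means no restriction" behavior are assumptions made for the illustration.

```javascript
// Added illustration; helpers and sample data are hypothetical, not from the repo.
// Assumption: an empty whitelist is treated as "no restriction configured".
const domainAuthorization = (allowedDomains) => (email) => {
  if (allowedDomains.length === 0) return true;
  const domain = email.slice(email.lastIndexOf("@") + 1).toLowerCase();
  return allowedDomains.includes(domain);
};

const userAuthorization = (allowedUsers) => (email) => {
  if (allowedUsers.length === 0) return true;
  return allowedUsers.includes(email.toLowerCase());
};

// Pattern from the report: the second assignment replaces the domain check,
// so only the user whitelist decides who gets in.
function buildOverwritten(domains, users) {
  let isAuthorized = domainAuthorization(domains);
  isAuthorized = userAuthorization(users);
  return isAuthorized;
}

// Composed policy: if nothing is configured, allow; otherwise the e-mail must
// match a configured domain or a configured user. An empty list on one side
// never grants access while the other side is configured.
function buildComposed(domains, users) {
  const d = domains.map((x) => x.toLowerCase());
  const u = users.map((x) => x.toLowerCase());
  return (email) => {
    if (d.length === 0 && u.length === 0) return true;
    const byDomain = d.length > 0 && domainAuthorization(d)(email);
    const byUser = u.length > 0 && userAuthorization(u)(email);
    return byDomain || byUser;
  };
}

// Constructed sample configuration and accounts.
const DOMAINS = ["corp.example"];
const insider = "alice@corp.example";
const outsider = "mallory@mail.example";

function demo() {
  return {
    overwrittenOutsider: buildOverwritten(DOMAINS, [])(outsider),
    overwrittenWithUserList: buildOverwritten(DOMAINS, [insider])(outsider),
    composedOutsider: buildComposed(DOMAINS, [])(outsider),
    composedInsider: buildComposed(DOMAINS, [])(insider),
    composedListedUser: buildComposed(DOMAINS, [outsider])(outsider),
  };
}
console.log(demo());
```

Under these assumptions the overwritten version admits the outside account until a user whitelist is set, which matches the `WHITELIST_USERS` workaround reported earlier in the thread.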