search

lchapo / dash-google-auth

(Deprecated) Dash Extension for Google OAuth
MIT License
62 stars 18 forks source link

Wildcard authorized emails? #9

Open brylie opened 6 years ago

brylie commented 6 years ago

How might one allow wildcard email authorization? E.g. all emails for a Google authentication domain, such as a company's staff. Is there an approach to enable all organization users, or specific email domains?

lchapo commented 6 years ago

The simplest solution is to modify the auth function here to something like: if email.endswith("@mycompany.com"):

An even better approach would be to store authorized emails in a database and have the auth function do a lookup against that database.

joshbode commented 6 years ago

I'm using this approach at the moment:

from fnmatch import fnmatch

class GlobList(list):
    """Glob list"""

    def __contains__(self, key) -> bool:
        """Check if key in list or matches patterns in list."""

        if super().__contains__(key):
            return True

        for k in self:
            if fnmatch(key, k):
                return True

        return False

and setting:

authorized_emails = GlobList(['*@example.com', 'foo@dog.com'])
auth = GoogleOAuth(app, authorized_emails)
brylie commented 6 years ago

@joshbode, this would be a really good addition to the README, or some similar documentation! :-)

ghost commented 6 years ago

The simplest solution is to modify the auth function here to something like: if email.endswith("@mycompany.com"):

An even better approach would be to store authorized emails in a database and have the auth function do a lookup against that database.

Your url doesn't seem to be working.

lchapo commented 6 years ago

@VedantRuparelia whoops, linked to a private repo. Fixed my comment above (new link)