Osmose
commented
11 years ago It sounds like your problem is more suited to using Permissions. You could override BROWSERID_CREATE_USER with a method that creates a user, checks their email, and grants them the proper permission if it passes your email check. Then, have your views check the permission whenever it needs to decide if they can see MoCo videos.
However, the problem of only letting certain emails in is a valid one. The cleanest workaround with the current code would probably be to subclass the Verify view and do the checking in login_success prior to calling the parent method.
I think adding a is_user_valid method to the Verify class that replaces the if self.user and self.user.is_active check we currently use would be the right way to add support for this into the library. We could also have a setting that points to which view class to use for the current login view. This would make it easier for users to subclass Verify and use it in place of the original Verify without having to write their own urlconf.
So something like:
class MyCustomVerify(Verify):
def is_user_valid(self, user):
return user.email.endswith('@mozilla.com')
# In settings.py
BROWSERID_VERIFY_CLASS = 'myproject.users.views.MyCustomVerify'
peterbe
senden9
On at least three projects I work on we want to let Persona do the authentication but we are picky about who we let in. Ideally I'd like to handle this by writing a function that checks the email address. E.g.
Air Mozilla for example welcomes anybody to log in but if you log in your your Gmail address you're not welcomed in to watch MoCo videos. We currently do this by hijacking the
browserid/mozilla/URL which feels very weak.There is an option to override
BROWSERID_CREATE_USERwith a callable but it will only make it possible when a user signs in for the very first time.