Closed peterbe closed 11 years ago
It sounds like your problem is more suited to using Permissions. You could override BROWSERID_CREATE_USER
with a method that creates a user, checks their email, and grants them the proper permission if it passes your email check. Then, have your views check the permission whenever it needs to decide if they can see MoCo videos.
However, the problem of only letting certain emails in is a valid one. The cleanest workaround with the current code would probably be to subclass the Verify
view and do the checking in login_success
prior to calling the parent method.
I think adding a is_user_valid
method to the Verify
class that replaces the if self.user and self.user.is_active
check we currently use would be the right way to add support for this into the library. We could also have a setting that points to which view class to use for the current login view. This would make it easier for users to subclass Verify
and use it in place of the original Verify
without having to write their own urlconf.
So something like:
class MyCustomVerify(Verify):
def is_user_valid(self, user):
return user.email.endswith('@mozilla.com')
# In settings.py
BROWSERID_VERIFY_CLASS = 'myproject.users.views.MyCustomVerify'
I actually like that! I'm going to take a stab at it.
pull request here https://github.com/mozilla/django-browserid/pull/170
Fix patch 97ce2f268623cdeeff509b4d345d186dc6b1cba3 this issue? Can it be closed?
On at least three projects I work on we want to let Persona do the authentication but we are picky about who we let in. Ideally I'd like to handle this by writing a function that checks the email address. E.g.
Air Mozilla for example welcomes anybody to log in but if you log in your your Gmail address you're not welcomed in to watch MoCo videos. We currently do this by hijacking the
browserid/mozilla/
URL which feels very weak.There is an option to override
BROWSERID_CREATE_USER
with a callable but it will only make it possible when a user signs in for the very first time.