ooyala / barkeep

The friendly code review system.
getbarkeep.org

Support securing barkeep with a whitelist of authorized users #361

Open philc opened 11 years ago

philc commented 11 years ago

Today we support openid logins, but it's not secure unless hosted behind a firewall, since a user from any domain can log in. In addition to regular username/password authorization (#354), ldap (#347), and restricting openid by domain (#207), we should support openid with a whitelist of emails.

The workflow for this should be the admin sets up barkeep, logs in, and can then add users via the /admin section. A nice feature would be to optionally send out an invite email when their name gets added.

We could also configure this list of users by an ENV variable instead of via UI, but I think that's more clunky since it requires editing a file and perhaps deploying. What do you think?

irabinovitch commented 11 years ago

I was thinking about adding a similar env variable for authorized domains to provide a solution for #207. Thoughts?

cespare commented 11 years ago

From a Barkeep meeting today: our plan is to put the whitelist into the DB, and add an admin UI for modifying the list. At that point, we should remove the environment configuration stopgap solution.
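The authorization step this thread is asking for, written as an added example (not Barkeep's own code): after OpenID has proven who the user is, a separate check decides whether that email may use this instance, using either the ENV-variable stopgap or, later, a list loaded from the DB. The class name `LoginAuthorizer` and the `BARKEEP_AUTHORIZED_EMAILS` / `BARKEEP_AUTHORIZED_DOMAINS` variables are assumptions, not Barkeep settings.

```ruby
# Added example, not Barkeep's own code. The OpenID provider only asserts an
# identity; whether that identity is allowed in is decided here.
class LoginAuthorizer
  # allowed_emails / allowed_domains can come from an ENV variable now and
  # from a DB query later; the check itself does not care about the source.
  def initialize(allowed_emails: [], allowed_domains: [])
    @allowed_emails = allowed_emails.map { |e| normalize(e) }.reject(&:empty?)
    @allowed_domains = allowed_domains.map { |d| normalize(d) }.reject(&:empty?)
  end

  # Stopgap configuration from comma-separated ENV values (hypothetical
  # variable names), e.g. BARKEEP_AUTHORIZED_EMAILS="alice@example.com, bob@example.com"
  def self.from_env(env)
    new(allowed_emails: env.fetch("BARKEEP_AUTHORIZED_EMAILS", "").split(","),
        allowed_domains: env.fetch("BARKEEP_AUTHORIZED_DOMAINS", "").split(","))
  end

  # True only when the asserted email is explicitly listed or its domain is
  # explicitly listed. An empty configuration denies everyone instead of
  # falling open, which is the current behaviour the issue describes.
  def authorized?(asserted_email)
    email = normalize(asserted_email)
    return false if email.empty? || email.count("@") != 1
    return true if @allowed_emails.include?(email)

    domain = email.split("@").last
    # Exact domain match only: "corp.example.org" must not satisfy
    # "example.org", and neither must "example.org.attacker.test".
    @allowed_domains.include?(domain)
  end

  private

  # Case and surrounding whitespace must not let a listed user in twice or
  # keep them out; compare in one canonical form.
  def normalize(value)
    value.to_s.strip.downcase
  end
end
```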