Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

check if user is allowed to signup

abhishek9686 1 year ago
parent
cf0ff52d7f
commit
bee2a6523b
6 changed files with 48 additions and 0 deletions
Unified View Show Diff Stats
  1. 20 0
      auth/auth.go
  2. 4 0
      auth/azure-ad.go
  3. 12 0
      auth/error.go
  4. 4 0
      auth/github.go
  5. 4 0
      auth/google.go
  6. 4 0
      auth/oidc.go

+ 20 - 0
auth/auth.go
View File 

@@ -334,3 +334,23 @@ func isStateCached(state string) bool {
 
 	_, err := netcache.Get(state)
 
 	_, err := netcache.Get(state)
 
 	return err == nil || strings.Contains(err.Error(), "expired")
 
 	return err == nil || strings.Contains(err.Error(), "expired")
 
 }
 
 }
 
+
 
+// isEmailAllowed - checks if email is allowed to signup
 
+func isEmailAllowed(email string) bool {
 
+	allowedDomains := servercfg.GetAllowedEmailDomains()
 
+	domains := strings.Split(allowedDomains, ",")
 
+	if len(domains) == 1 && domains[0] == "*" {
 
+		return true
 
+	}
 
+	emailParts := strings.Split(email, "@")
 
+	if len(emailParts) < 2 {
 
+		return false
 
+	}
 
+	baseDomainOfEmail := emailParts[1]
 
+	for _, domain := range domains {
 
+		if domain == baseDomainOfEmail {
 
+			return true
 
+		}
 
+	}
 
+	return false
 
+}

+ 4 - 0
auth/azure-ad.go
View File 

@@ -61,6 +61,10 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 
 		handleOauthNotConfigured(w)
 
 		handleOauthNotConfigured(w)
 
 		return
 
 		return
 
 	}
 
 	}
 
+	if !isEmailAllowed(content.UserPrincipalName) {
 
+		handleOauthUserNotAllowedToSignUp(w)
 
+		return
 
+	}
 
 	// check if user approval is already pending
 
 	// check if user approval is already pending
 
 	if logic.IsPendingUser(content.UserPrincipalName) {
 
 	if logic.IsPendingUser(content.UserPrincipalName) {
 
 		handleOauthUserNotAllowed(w)
 
 		handleOauthUserNotAllowed(w)

+ 12 - 0
auth/error.go
View File 

@@ -30,6 +30,12 @@ const somethingwentwrong = `<!DOCTYPE html><html>
 
 </body>
 
 </body>
 
 </html>`
 
 </html>`
 
 
 
+const notallowedtosignup = `<!DOCTYPE html><html>
 
+<body>
 
+<h3>You are not allowed to SignUp.</h3>
 
+</body>
 
+</html>`
 
+
 
 func handleOauthUserNotFound(response http.ResponseWriter) {
 
 func handleOauthUserNotFound(response http.ResponseWriter) {
 
 	response.Header().Set("Content-Type", "text/html; charset=utf-8")
 
 	response.Header().Set("Content-Type", "text/html; charset=utf-8")
 
 	response.WriteHeader(http.StatusNotFound)
 
 	response.WriteHeader(http.StatusNotFound)
 
@@ -42,6 +48,12 @@ func handleOauthUserNotAllowed(response http.ResponseWriter) {
 
 	response.Write([]byte(userNotAllowed))
 
 	response.Write([]byte(userNotAllowed))
 
 }
 
 }
 
 
 
+func handleOauthUserNotAllowedToSignUp(response http.ResponseWriter) {
 
+	response.Header().Set("Content-Type", "text/html; charset=utf-8")
 
+	response.WriteHeader(http.StatusForbidden)
 
+	response.Write([]byte(notallowedtosignup))
 
+}
 
+
 
 // handleOauthNotConfigured - returns an appropriate html page when oauth is not configured on netmaker server but an oauth login was attempted
 
 // handleOauthNotConfigured - returns an appropriate html page when oauth is not configured on netmaker server but an oauth login was attempted
 
 func handleOauthNotConfigured(response http.ResponseWriter) {
 
 func handleOauthNotConfigured(response http.ResponseWriter) {
 
 	response.Header().Set("Content-Type", "text/html; charset=utf-8")
 
 	response.Header().Set("Content-Type", "text/html; charset=utf-8")

+ 4 - 0
auth/github.go
View File 

@@ -61,6 +61,10 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 
 		handleOauthNotConfigured(w)
 
 		handleOauthNotConfigured(w)
 
 		return
 
 		return
 
 	}
 
 	}
 
+	if !isEmailAllowed(content.Login) {
 
+		handleOauthUserNotAllowedToSignUp(w)
 
+		return
 
+	}
 
 	// check if user approval is already pending
 
 	// check if user approval is already pending
 
 	if logic.IsPendingUser(content.Login) {
 
 	if logic.IsPendingUser(content.Login) {
 
 		handleOauthUserNotAllowed(w)
 
 		handleOauthUserNotAllowed(w)

+ 4 - 0
auth/google.go
View File 

@@ -63,6 +63,10 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 
 		handleOauthNotConfigured(w)
 
 		handleOauthNotConfigured(w)
 
 		return
 
 		return
 
 	}
 
 	}
 
+	if !isEmailAllowed(content.Email) {
 
+		handleOauthUserNotAllowedToSignUp(w)
 
+		return
 
+	}
 
 	// check if user approval is already pending
 
 	// check if user approval is already pending
 
 	if logic.IsPendingUser(content.Email) {
 
 	if logic.IsPendingUser(content.Email) {
 
 		handleOauthUserNotAllowed(w)
 
 		handleOauthUserNotAllowed(w)

+ 4 - 0
auth/oidc.go
View File 

@@ -74,6 +74,10 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 
 		handleOauthNotConfigured(w)
 
 		handleOauthNotConfigured(w)
 
 		return
 
 		return
 
 	}
 
 	}
 
+	if !isEmailAllowed(content.Email) {
 
+		handleOauthUserNotAllowedToSignUp(w)
 
+		return
 
+	}
 
 	// check if user approval is already pending
 
 	// check if user approval is already pending
 
 	if logic.IsPendingUser(content.Email) {
 
 	if logic.IsPendingUser(content.Email) {
 
 		handleOauthUserNotAllowed(w)
 
 		handleOauthUserNotAllowed(w)