Merge pull request #182 from phavekes/master

add ability to restrict google authentication to a specific domain.
2017-07-26 09:44:06 -04:00 · 2017-07-26 09:44:06 -04:00 · 10c2f1f6e5
parent f40ef121c8 fe6e7c3efe
commit 10c2f1f6e5
2 changed files with 12 additions and 2 deletions
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@ -8,8 +8,13 @@ Rails.application.config.omniauth_ldap = ENV['LDAP_SERVER'].present?

 Rails.application.config.middleware.use OmniAuth::Builder do
  provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
-  provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'],
-    scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google'
+  provider :google_oauth2,
+    ENV['GOOGLE_OAUTH2_ID'],
+    ENV['GOOGLE_OAUTH2_SECRET'],
+    scope: ['profile', 'email', 'youtube', 'youtube.upload'], 
+    access_type: 'online', 
+    name: 'google',
+    hd: ENV['GOOGLE_OAUTH2_HD'].blank? ? nil : ENV['GOOGLE_OAUTH2_HD']
  provider :ldap,
    host: ENV['LDAP_SERVER'],
    port: ENV['LDAP_PORT'],
--- a/5
+++ b/5
@ -33,8 +33,13 @@ TWITTER_SECRET=
 #   For the callback URL use 'http://<your hostname:port>/auth/google/callback'
 #   Once registered copy the ID and Secret here
 #
+#   The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted domain. This
+#   can be a string such as, 'domain.com'. If left blank, GreenLight will allow sign-in from all Google Apps hosted
+#   domains.
+#
 GOOGLE_OAUTH2_ID=
 GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=

 # LDAP Login Provider (optional)
 #