authorike2020-02-07 08:51:58 +0800
committerike2020-02-08 15:57:22 +0800
commit197223dc81267efb22a63872a42f839b2276e1b6 (patch)
treec7c5b23decb47bf90c941d3e525785e2a1a88cf2
parentb3d4cdbcebe1690bf5211d778ff6f8a0f9f5e518 (diff)
Add Google oauth variable: hostedDomain
This option is part of `passport-google-oauth2`. It can be used to whitelist a domain supported by Google OAuth. Ref: https://github.com/jaredhanson/passport-google-oauth2/issues/3 Signed-off-by: ike <developer@ikewat.com>
Diffstat (limited to '')
-rw-r--r--docs/configuration-config-file.md2
-rw-r--r--docs/configuration-env-vars.md1
-rw-r--r--lib/config/default.js3
-rw-r--r--lib/config/dockerSecret.js3
-rw-r--r--lib/config/environment.js3
-rw-r--r--lib/web/auth/google/index.js2
6 files changed, 9 insertions, 5 deletions
diff --git a/docs/configuration-config-file.md b/docs/configuration-config-file.md
index c1114549..9fe4554d 100644
--- a/docs/configuration-config-file.md
+++ b/docs/configuration-config-file.md
@@ -134,7 +134,7 @@ these are rarely used for various reasons.
| variables | example values | description |
| --------- | ------ | ----------- |
-| `google` | `{clientID: ..., clientSecret: ...}` | An object containing the client ID and the client secret obtained by the [Google API console](https://console.cloud.google.com/apis) |
+| `google` | `{clientID: ..., clientSecret: ..., hostedDomain: ...}` | An object containing the client ID and the client secret obtained by the [Google API console](https://console.cloud.google.com/apis) |
### LDAP Login
diff --git a/docs/configuration-env-vars.md b/docs/configuration-env-vars.md
index f391f362..6ac9123b 100644
--- a/docs/configuration-env-vars.md
+++ b/docs/configuration-env-vars.md
@@ -135,6 +135,7 @@ defaultNotePath can't be set from env-vars
| -------- | ------------- | ----------- |
| `CMD_GOOGLE_CLIENTID` | no example | Google API client id |
| `CMD_GOOGLE_CLIENTSECRET` | no example | Google API client secret |
+| `CMD_GOOGLE_HOSTEDDOMAIN` | `example.com` | Provided only if the user belongs to a hosted domain. default is `undefined` |
### LDAP Login
diff --git a/lib/config/default.js b/lib/config/default.js
index a52a8a4f..ac78e8ed 100644
--- a/lib/config/default.js
+++ b/lib/config/default.js
@@ -124,7 +124,8 @@ module.exports = {
},
google: {
clientID: undefined,
- clientSecret: undefined
+ clientSecret: undefined,
+ hostedDomain: undefined
},
ldap: {
providerName: undefined,
diff --git a/lib/config/dockerSecret.js b/lib/config/dockerSecret.js
index 7ff6506f..02b959d9 100644
--- a/lib/config/dockerSecret.js
+++ b/lib/config/dockerSecret.js
@@ -53,7 +53,8 @@ if (fs.existsSync(basePath)) {
},
google: {
clientID: getSecret('google_clientID'),
- clientSecret: getSecret('google_clientSecret')
+ clientSecret: getSecret('google_clientSecret'),
+ hostedDomain: getSecret('google_hostedDomain')
},
imgur: getSecret('imgur_clientid')
}
diff --git a/lib/config/environment.js b/lib/config/environment.js
index 944a2fb2..219be499 100644
--- a/lib/config/environment.js
+++ b/lib/config/environment.js
@@ -101,7 +101,8 @@ module.exports = {
},
google: {
clientID: process.env.CMD_GOOGLE_CLIENTID,
- clientSecret: process.env.CMD_GOOGLE_CLIENTSECRET
+ clientSecret: process.env.CMD_GOOGLE_CLIENTSECRET,
+ hostedDomain: process.env.CMD_GOOGLE_HOSTEDDOMAIN
},
ldap: {
providerName: process.env.CMD_LDAP_PROVIDERNAME,
diff --git a/lib/web/auth/google/index.js b/lib/web/auth/google/index.js
index feb83025..6edf07a9 100644
--- a/lib/web/auth/google/index.js
+++ b/lib/web/auth/google/index.js
@@ -16,7 +16,7 @@ passport.use(new GoogleStrategy({
}, passportGeneralCallback))
googleAuth.get('/auth/google', function (req, res, next) {
- passport.authenticate('google', { scope: ['profile'] })(req, res, next)
+ passport.authenticate('google', { scope: ['profile'], hostedDomain: config.google.hostedDomain })(req, res, next)
})
// google auth callback
googleAuth.get('/auth/google/callback',
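Review bot: Passing `hostedDomain` to `passport.authenticate` on the `/auth/google` route only sets a hint on the outgoing authorization request; nothing in this hunk checks on the callback that the returned account actually belongs to that domain. The commit message describes the option as a whitelist, so the restriction should be enforced server-side once Google returns the profile, for example `if (config.google.hostedDomain && profile._json.hd !== config.google.hostedDomain) return done(null, false)` (the exact profile field should be confirmed against the strategy version in use). That check belongs in the verify callback, `passportGeneralCallback`, which is defined outside this hunk, so it may already handle this, but nothing visible here suggests it does. Also consider a comment at the route such as `// hostedDomain is a login hint only; the domain is verified in the callback`, and note in the docs that the setting does not restrict access by itself.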