mirror of
https://github.com/penpot/penpot.git
synced 2025-07-26 02:57:23 +02:00
🐛 Add proper validation of registration domain whitelist on oidc
Fixes #3348
This commit is contained in:
Andrey Antukh
parent
f60d09eb8f
commit
f166fe1926
5 changed files with 60 additions and 38 deletions
|
|
@ -6,7 +6,9 @@
|
|||
|
||||
(ns app.auth
|
||||
(:require
|
||||
[app.config :as cf]
|
||||
[buddy.hashers :as hashers]
|
||||
[cuerdas.core :as str]
|
||||
[promesa.exec :as px]))
|
||||
|
||||
(def default-params
|
||||
|
|
@ -27,3 +29,16 @@
|
|||
{:update false
|
||||
:valid false})))
|
||||
|
||||
(defn email-domain-in-whitelist?
|
||||
"Returns true if email's domain is in the given whitelist or if
|
||||
given whitelist is an empty string."
|
||||
([email]
|
||||
(let [domains (cf/get :registration-domain-whitelist)]
|
||||
(email-domain-in-whitelist? domains email)))
|
||||
([domains email]
|
||||
(if (or (nil? domains) (empty? domains))
|
||||
true
|
||||
(let [[_ candidate] (-> (str/lower email)
|
||||
(str/split #"@" 2))]
|
||||
(contains? domains candidate)))))
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue