
Commit 2c283fc

committed
Enforce domain restrictions on the domain part of the email address
1 parent 81101c1 commit 2c283fc

4 files changed

Lines changed: 26 additions & 4 deletions


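--- a/.travis.yml
+++ b/.travis.yml
@@ -10,10 +10,9 @@ php:
 env:
 global:
 - PLUGIN=GoogleAuth
-- KANBOARD_REPO=https://github.com/fguillot/kanboard.git
+- KANBOARD_REPO=https://github.com/kanboard/kanboard.git
 matrix:
 - DB=sqlite
-- DB=mysql
 - DB=postgres
 
 matrix: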

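--- a/Auth/GoogleAuthProvider.php
+++ b/Auth/GoogleAuthProvider.php
@@ -224,7 +224,12 @@ public function validateDomainRestriction(array $profile, $domains)
 foreach (explode(',', $domains) as $domain) {
 $domain = trim($domain);
 
-if (strpos($profile['email'], $domain) > 0) {
+if (strpos($profile['email'], '@') === false) {
+return false;
+}
+
+list(, $hostname) = explode('@', $profile['email']);
+if (strpos($hostname, $domain) === 0) {
 return true;
 }
 }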
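Review bot: The new check `strpos($hostname, $domain) === 0` is a prefix match, so any hostname that merely begins with an allowed domain still passes; with `example.org` configured, a constructed hostname such as `example.org.example.net` would be accepted. Comparing the whole hostname closes that gap and also makes the match case-insensitive: `if (strcasecmp($hostname, $domain) === 0) {`. An empty list entry (for instance from a trailing comma in `google_email_domains`) reaches `strpos` as an empty needle, which on PHP 8 and later appears to match at offset 0, so a guard such as `if ($domain === '') { continue; }` after the `trim` would be prudent. `list(, $hostname) = explode('@', ...)` takes the second piece, so an address containing more than one `@` is compared on something other than its final domain; `$hostname = substr(strrchr($profile['email'], '@'), 1);` takes the text after the last `@`. The tests added in Test/GoogleAuthTest.php pin the subdomain case but none covers a hostname that extends the allowed domain on the right, and the body of validateDomainRestriction continues outside this hunk.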

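--- a/Plugin.php
+++ b/Plugin.php
@@ -71,7 +71,7 @@ public function getPluginAuthor()
 
 public function getPluginVersion()
 {
-return '1.0.4';
+return '1.0.5';
 }
 
 public function getPluginHomepage()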

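--- a/Test/GoogleAuthTest.php
+++ b/Test/GoogleAuthTest.php
@@ -39,6 +39,24 @@ public function testEmailRestrictions()
 $this->container['memoryCache']->flush();
 $this->assertTrue($provider->isAccountCreationAllowed(array('email' => 'me@mydomain.tld')));
 $this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'me@my-other-domain.tld')));
+$this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'test+mydomain.tld+@example.org')));
+
+$this->assertTrue($this->container['configModel']->save(array('google_account_creation' => '1', 'google_email_domains' => 'example.org, example.com')));
+$this->container['memoryCache']->flush();
+$this->assertTrue($provider->isAccountCreationAllowed(array('email' => 'me@example.org')));
+$this->assertTrue($provider->isAccountCreationAllowed(array('email' => 'me@example.com')));
+$this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'me@example.net')));
+$this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'invalid email')));
+
+$this->assertTrue($this->container['configModel']->save(array('google_account_creation' => '1', 'google_email_domains' => 'example')));
+$this->container['memoryCache']->flush();
+$this->assertTrue($provider->isAccountCreationAllowed(array('email' => 'me@example')));
+$this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'example@localhost')));
+
+$this->assertTrue($this->container['configModel']->save(array('google_account_creation' => '1', 'google_email_domains' => 'example.org')));
+$this->container['memoryCache']->flush();
+$this->assertTrue($provider->isAccountCreationAllowed(array('email' => 'me@example.org')));
+$this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'me@subdomain.example.org')));
 }
 
 public function testGetClientId()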
