Allow specification of domain block list inline

4 years ago · f6fd40c1b3
parent 2556450557
commit f6fd40c1b3
2 changed files with 13 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -48,10 +48,16 @@ Currently the following options are supported:
   attribute mapped to `uid` to identify the remote user instead of the `NameID`
   from the assertion. `True` by default.

- * `domain_block_file`: should point a file containing a list of domains (one
+ * `bad_domain_file`: should point a file containing a list of domains (one
   per line); users who have an email address on any of these domains will be
   blocked from registration.

+ * `bad_domain_list`: an alternative to `bad_domain_file` allowing the list of
+   bad domains to be specified inline in the config.
+
+   If both `bad_domain_file` and `bad_domain_list` are specified, the two lists
+   are merged.
+
 ## Implementation notes

 The login flow looks something like this:
--- a/matrix_synapse_saml_mozilla/mapping_provider.py
+++ b/matrix_synapse_saml_mozilla/mapping_provider.py
@ -41,7 +41,7 @@ MAPPING_SESSION_VALIDITY_PERIOD_MS = 15 * 60 * 1000
@attr.s
 class SamlConfig(object):
    use_name_id_for_remote_uid = attr.ib(type=bool, default=True)
-    domain_block_list = attr.ib(type=Set[str], default={})
+    domain_block_list = attr.ib(type=Set[str], factory=set)


 class SamlMappingProvider(object):
@ -158,13 +158,15 @@ class SamlMappingProvider(object):
        if "use_name_id_for_remote_uid" in config:
            parsed.use_name_id_for_remote_uid = config["use_name_id_for_remote_uid"]

-        domain_block_file = config.get("domain_block_file")
+        parsed.domain_block_list.update(config.get("bad_domain_list", []))
+
+        domain_block_file = config.get("bad_domain_file")
        if domain_block_file:
            try:
                with open(domain_block_file, encoding="ascii") as fh:
-                    parsed.domain_block_list = {
+                    parsed.domain_block_list.update(
                        line.strip().lower() for line in fh.readlines()
-                    }
+                    )
            except Exception as e:
                raise Exception(
                    "Error reading domain block file %s: %s" % (domain_block_file, e)