Allow specification of domain block list inline

master
Richard van der Hoff 5 years ago
parent 2556450557
commit f6fd40c1b3

@ -48,10 +48,16 @@ Currently the following options are supported:
attribute mapped to `uid` to identify the remote user instead of the `NameID` attribute mapped to `uid` to identify the remote user instead of the `NameID`
from the assertion. `True` by default. from the assertion. `True` by default.
* `domain_block_file`: should point a file containing a list of domains (one * `bad_domain_file`: should point a file containing a list of domains (one
per line); users who have an email address on any of these domains will be per line); users who have an email address on any of these domains will be
blocked from registration. blocked from registration.
* `bad_domain_list`: an alternative to `bad_domain_file` allowing the list of
bad domains to be specified inline in the config.
If both `bad_domain_file` and `bad_domain_list` are specified, the two lists
are merged.
## Implementation notes ## Implementation notes
The login flow looks something like this: The login flow looks something like this:

@ -41,7 +41,7 @@ MAPPING_SESSION_VALIDITY_PERIOD_MS = 15 * 60 * 1000
@attr.s @attr.s
class SamlConfig(object): class SamlConfig(object):
use_name_id_for_remote_uid = attr.ib(type=bool, default=True) use_name_id_for_remote_uid = attr.ib(type=bool, default=True)
domain_block_list = attr.ib(type=Set[str], default={}) domain_block_list = attr.ib(type=Set[str], factory=set)
class SamlMappingProvider(object): class SamlMappingProvider(object):
@ -158,13 +158,15 @@ class SamlMappingProvider(object):
if "use_name_id_for_remote_uid" in config: if "use_name_id_for_remote_uid" in config:
parsed.use_name_id_for_remote_uid = config["use_name_id_for_remote_uid"] parsed.use_name_id_for_remote_uid = config["use_name_id_for_remote_uid"]
domain_block_file = config.get("domain_block_file") parsed.domain_block_list.update(config.get("bad_domain_list", []))
domain_block_file = config.get("bad_domain_file")
if domain_block_file: if domain_block_file:
try: try:
with open(domain_block_file, encoding="ascii") as fh: with open(domain_block_file, encoding="ascii") as fh:
parsed.domain_block_list = { parsed.domain_block_list.update(
line.strip().lower() for line in fh.readlines() line.strip().lower() for line in fh.readlines()
} )
except Exception as e: except Exception as e:
raise Exception( raise Exception(
"Error reading domain block file %s: %s" % (domain_block_file, e) "Error reading domain block file %s: %s" % (domain_block_file, e)
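Review bot: The inline entries added on the new line `parsed.domain_block_list.update(config.get("bad_domain_list", []))` are stored verbatim, whereas entries read from `bad_domain_file` a few lines below are normalised with `.strip().lower()`, so the two sources the commit merges are not held to the same form and a configured `Example.COM` or an entry with trailing whitespace will presumably never match a lowercased email domain at check time (that comparison is outside this hunk). Normalise both paths identically: `parsed.domain_block_list.update(d.strip().lower() for d in config.get("bad_domain_list", []))`. A scalar string under `bad_domain_list` would also be iterated character by character by `set.update`, silently producing a useless block list; rejecting non-list values with an explicit error would surface that misconfiguration at startup instead. The enclosing config-parsing method starts and ends outside the hunk.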
