diff --git a/README.md b/README.md
index 4edbfb4..ffc96f9 100644
--- a/README.md
+++ b/README.md
@@ -50,10 +50,4 @@ sonar.auth.googleoauth.clientId.secured |Consumer Key provided by Google when
sonar.auth.googleoauth.clientSecret.secured|Consumer password provided by Google when registering the consumer|None
sonar.auth.googleoauth.enabled |Enable Google users to login. Value is ignored if consumer Key and Secret are not defined|false
sonar.auth.googleoauth.loginStrategy |When the login strategy is set to 'Unique', the user's login will be auto-generated the first time so that it is unique. When the login strategy is set to 'Same as Google login', the user's login will be the Google login. This last strategy allows, when changing the authentication provider, to keep existing users (if logins from new provider are the same than Google)|Unique
-sonar.auth.googleoauth.limitOauthDomain |When set with a GApps domain, only allow users from that domain to authenticate|None
-
-
-
-
-
-
+sonar.auth.googleoauth.limitOauthDomain |When set with a GApps domain, only allow users from that domain to authenticate. Can be a list by separating domains with ","|None
diff --git a/pom.xml b/pom.xml
index 4f38e8f..51b4b0e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
org.sonarqube.auth.google
sonar-auth-googleoauth-plugin
- 1.6.3-SNAPSHOT
+ 1.6.4-SNAPSHOT
sonar-plugin
Google Authentication for SonarQube
2016
diff --git a/src/main/java/org/sonarqube/auth/googleoauth/GoogleIdentityProvider.java b/src/main/java/org/sonarqube/auth/googleoauth/GoogleIdentityProvider.java
index 4cad830..af4976a 100644
--- a/src/main/java/org/sonarqube/auth/googleoauth/GoogleIdentityProvider.java
+++ b/src/main/java/org/sonarqube/auth/googleoauth/GoogleIdentityProvider.java
@@ -124,9 +124,9 @@ public void callback(CallbackContext context) {
GsonUser gsonUser = requestUser(scribe, accessToken);
String redirectTo;
- if (settings.oauthDomain()==null || (settings.oauthDomain()!=null && gsonUser.getEmail().endsWith("@"+settings.oauthDomain()))) {
+ if (settings.oauthDomain()==null || (checkValidDomain(settings.oauthDomain(), gsonUser.getEmail()))) {
redirectTo = settings.getSonarBaseURL();
- String referer_url = request.getHeader("referer");
+ String referer_url = request.getHeader("referer");
try {
URL urlObj = new URL(referer_url);
String returnToValue = null;
@@ -156,6 +156,15 @@ public void callback(CallbackContext context) {
}
}
+ private Boolean checkValidDomain(String oAuthDomains, String userEmail) {
+ for (String domain : oAuthDomains.split(",")) {
+ if (userEmail.trim().endsWith("@" + domain.trim())) {
+ return true;
+ }
+ }
+ return false;
+ }
+
private GsonUser requestUser(OAuthService scribe, Token accessToken) {
OAuthRequest userRequest = new OAuthRequest(Verb.GET, settings.apiURL() + "oauth2/v1/userinfo", scribe);
scribe.signRequest(accessToken, userRequest);
diff --git a/src/main/java/org/sonarqube/auth/googleoauth/GoogleScribeApi.java b/src/main/java/org/sonarqube/auth/googleoauth/GoogleScribeApi.java
index f573392..85ab167 100644
--- a/src/main/java/org/sonarqube/auth/googleoauth/GoogleScribeApi.java
+++ b/src/main/java/org/sonarqube/auth/googleoauth/GoogleScribeApi.java
@@ -75,7 +75,7 @@ public String getAuthorizationUrl(OAuthConfig config) {
if(state != null) {
sb.append('&').append("state").append('=').append(OAuthEncoder.encode(state));
}
- if (settings.oauthDomain() != null) {
+ if (settings.oauthDomain() != null && !settings.oauthDomain().contains(",")) {
sb.append('&').append("hd=").append(settings.oauthDomain());
}