sayakb · eschwim · Jan 29, 2015
diff --git a/app/config/default.php b/app/config/default.php
@@ -90,6 +90,7 @@
 		'ldapPassword'        => '',
 		'oauthGoogleId'       => '',
 		'oauthGoogleSecret'   => '',
+		'oauthAppsDomains'    => '',
 		'oauthGoogleAdmins'   => '',
 	),
 

diff --git a/app/lang/en/admin.php b/app/lang/en/admin.php
@@ -212,6 +212,8 @@
 	"client_id"             => "Client ID",
 	"client_secret"         => "Client secret",
 	"client_secret_exp"     => "You can generate client ID and secret key at the",
+	"apps_domains"          => "Apps Domains",
+	"apps_domains_exp"      => "Restrict oAuth logins to these Google Apps domains",
 	"admin_emails"          => "Admin emails",
 	"admin_emails_exp"      => "Users with these email addresses will be granted admin access. Please enter one email ".
 	                           "address per line.",

diff --git a/app/lib/auth/StickyNotesOAuthUserProvider.php b/app/lib/auth/StickyNotesOAuthUserProvider.php
@@ -138,7 +138,7 @@ public function retrieveByCredentials(array $credentials)
 			// Instantiate the Google service using the credentials, http client and storage mechanism for the token
 			$service = new ServiceFactory();
 
-			$google = $service->createService('google', $credentials, $storage, array('userinfo_email', 'groups_provisioning'));
+			$google = $service->createService('google', $credentials, $storage, array('userinfo_email'));
 
 			// Google responded with a code
 			if (Input::has('code'))
@@ -154,6 +154,21 @@ public function retrieveByCredentials(array $credentials)
 				{
 					if ($result['verified_email'])
 					{
+						// We extract the username from the email address of the user
+						list ($username, $domain) = explode('@', $result['email'], 2);
+
+						// Check to make sure that the user is in the list of authorized Google apps domains,
+						// if the apps domains variable is not empty
+						if (trim($this->auth->oauthAppsDomains) != false)
+						{
+							$appsDomains = preg_split("/[\s,]+/", $this->auth->oauthAppsDomains, -1, PREG_SPLIT_NO_EMPTY);
+							if(!in_array($domain, $appsDomains))
+							{
+								 App::abort(401);
+								 return NULL;
+							}
+						}
+
 						// First we will add each credential element to the query as a where clause.
 						// Then we can execute the query and, if we found a user, return it in a
 						// Eloquent User "model" that will be utilized by the Guard instances.
@@ -168,18 +183,15 @@ public function retrieveByCredentials(array $credentials)
 						$user = $query->count() > 0 ? $query->first() : $this->createModel();
 
 						// Determine if user is an admin
-						$googleAdmins = explode("\n", $this->auth->oauthGoogleAdmins);
-
+						$googleAdmins = preg_split("/[\s,]+/", $this->auth->oauthGoogleAdmins, -1, PREG_SPLIT_NO_EMPTY);
 						$isAdmin = in_array($result['email'], $googleAdmins);
 
-						// We extract the username from the email address of the user
-						$parts = explode('@', $result['email']);
-
 						// Insert/Update user info
-						$user->username = $parts[0];
+						$user->username = $username;
 						$user->password = '';
 						$user->salt     = '';
 						$user->email    = $result['email'];
+						$user->dispname = $result['name'];
 						$user->type     = 'oauth';
 						$user->active   = 1;
 						$user->admin    = $isAdmin;

diff --git a/app/views/skins/bootstrap/admin/auth.blade.php b/app/views/skins/bootstrap/admin/auth.blade.php
@@ -359,6 +359,26 @@
 								</div>
 							</div>
 
+							<div class="form-group">
+								{{
+									Form::label('oauth_apps_domains', Lang::get('admin.apps_domains'), array(
+										'class' => 'control-label col-sm-3 col-lg-2'
+									))
+								}}
+
+								<div class="col-sm-9 col-lg-10">
+									{{
+										Form::textarea('oauth_apps_domains', $site->auth->oauthAppsDomains, array(
+											'class' => 'form-control',
+											'rows'  => 3,
+										))
+									}}
+									<div class="help-block">
+										{{ Lang::get('admin.apps_domains_exp') }}
+									</div>
+								</div>
+							</div>
+
 							<div class="form-group">
 								{{
 									Form::label('oauth_google_admins', Lang::get('admin.admin_emails'), array(

diff --git a/app/views/skins/neverland/admin/auth.blade.php b/app/views/skins/neverland/admin/auth.blade.php
@@ -358,6 +358,26 @@
 								</div>
 							</div>
 
+							<div class="form-group">															  
+								{{																				
+									Form::label('oauth_apps_domains', Lang::get('admin.apps_domains'), array(	 
+										'class' => 'control-label col-sm-3 col-lg-2'							  
+									))																			
+								}}																				
+
+								<div class="col-sm-9 col-lg-10">												  
+									{{																			
+										Form::textarea('oauth_apps_domains', $site->auth->oauthAppsDomains, array(
+											'class' => 'form-control',											
+											'rows'  => 3,														 
+										))																		
+									}}																			
+									<div class="help-block">													  
+										{{ Lang::get('admin.apps_domains_exp') }}								 
+									</div>																		
+								</div>																			
+							</div>																				
+
 							<div class="control-group">
 								{{
 									Form::label('oauth_google_admins', Lang::get('admin.admin_emails'), array(