Enforce domain restrictions on the domain part of the email address

kanboard · Nov 25, 2017 · 2c283fc · 2c283fc · kousu · Nov 28, 2017
1 parent 81101c1
commit 2c283fc
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 4 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -10,10 +10,9 @@ php:
 env:
   global:
     - PLUGIN=GoogleAuth
-    - KANBOARD_REPO=https://github.com/fguillot/kanboard.git
+    - KANBOARD_REPO=https://github.com/kanboard/kanboard.git
   matrix:
     - DB=sqlite
-    - DB=mysql
     - DB=postgres
 
 matrix:

diff --git a/Auth/GoogleAuthProvider.php b/Auth/GoogleAuthProvider.php
@@ -224,7 +224,12 @@ public function validateDomainRestriction(array $profile, $domains)
         foreach (explode(',', $domains) as $domain) {
             $domain = trim($domain);
 
-            if (strpos($profile['email'], $domain) > 0) {
+            if (strpos($profile['email'], '@') === false) {
+                return false;
+            }
+
+            list(, $hostname) = explode('@', $profile['email']);
+            if (strpos($hostname, $domain) === 0) {
                 return true;
             }
         }

diff --git a/Plugin.php b/Plugin.php
@@ -71,7 +71,7 @@ public function getPluginAuthor()
 
     public function getPluginVersion()
     {
-        return '1.0.4';
+        return '1.0.5';
     }
 
     public function getPluginHomepage()

diff --git a/Test/GoogleAuthTest.php b/Test/GoogleAuthTest.php
@@ -39,6 +39,24 @@ public function testEmailRestrictions()
         $this->container['memoryCache']->flush();
         $this->assertTrue($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
         $this->assertFalse($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
+        $this->assertFalse($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
+
+        $this->assertTrue($this->container['configModel']->save(array('google_account_creation' => '1', 'google_email_domains' => 'example.org, example.com')));
+        $this->container['memoryCache']->flush();
+        $this->assertTrue($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
+        $this->assertTrue($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
+        $this->assertFalse($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
+        $this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'invalid email')));
+
+        $this->assertTrue($this->container['configModel']->save(array('google_account_creation' => '1', 'google_email_domains' => 'example')));
+        $this->container['memoryCache']->flush();
+        $this->assertTrue($provider->isAccountCreationAllowed(array('email' => 'me@example')));
+        $this->assertFalse($provider->isAccountCreationAllowed(array('email' => 'example@localhost')));
+
+        $this->assertTrue($this->container['configModel']->save(array('google_account_creation' => '1', 'google_email_domains' => 'example.org')));
+        $this->container['memoryCache']->flush();
+        $this->assertTrue($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
+        $this->assertFalse($provider->isAccountCreationAllowed(array('email' => '[email protected]')));
     }
 
     public function testGetClientId()