Merge pull request bigbluebutton#182 from phavekes/master

add ability to restrict google authentication to a specific domain.
minhnhut0602 · Jul 26, 2017 · 10c2f1f · 10c2f1f
2 parents f40ef12 + fe6e7c3
commit 10c2f1f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
@@ -8,8 +8,13 @@
 
 Rails.application.config.middleware.use OmniAuth::Builder do
   provider :twitter, ENV['TWITTER_ID'], ENV['TWITTER_SECRET']
-  provider :google_oauth2, ENV['GOOGLE_OAUTH2_ID'], ENV['GOOGLE_OAUTH2_SECRET'],
-    scope: ['profile', 'email', 'youtube', 'youtube.upload'], access_type: 'online', name: 'google'
+  provider :google_oauth2,
+    ENV['GOOGLE_OAUTH2_ID'],
+    ENV['GOOGLE_OAUTH2_SECRET'],
+    scope: ['profile', 'email', 'youtube', 'youtube.upload'], 
+    access_type: 'online', 
+    name: 'google',
+    hd: ENV['GOOGLE_OAUTH2_HD'].blank? ? nil : ENV['GOOGLE_OAUTH2_HD']
   provider :ldap,
     host: ENV['LDAP_SERVER'],
     port: ENV['LDAP_PORT'],

diff --git a/env b/env
@@ -33,8 +33,13 @@ TWITTER_SECRET=
 #   For the callback URL use 'http://<your hostname:port>/auth/google/callback'
 #   Once registered copy the ID and Secret here
 #
+#   The GOOGLE_OAUTH2_HD variable is used to limit sign-in to a particular Google Apps hosted domain. This
+#   can be a string such as, 'domain.com'. If left blank, GreenLight will allow sign-in from all Google Apps hosted
+#   domains.
+#
 GOOGLE_OAUTH2_ID=
 GOOGLE_OAUTH2_SECRET=
+GOOGLE_OAUTH2_HD=
 
 # LDAP Login Provider (optional)
 #