django-allauth:仅允许来自特定Google Apps域的用户

时间:2013-10-01 10:16:28

标签: django django-allauth

我是Django的新手。使用django-allauth我已经设置了单击登录。我从google api console获取了我的域凭据(client_id和secret_key)。但问题是django-allauth 允许我从任何谷歌帐户登录,而我希望电子邮件地址仅限于我的域(@ example.com而非@gmail.com)

django-social-auth具有白名单域名参数,如何在allauth中包含此信息? 在django-social-auth上花了好几个小时后,我发现django-allauth更容易设置

非常感谢任何帮助。

3 个答案:

答案 0 :(得分:10)

回答我自己的问题 -

这实际上非常简单。您想要做的是在用户通过社交帐户提供商进行身份验证之后以及可以进入其个人资料页面之前停止登录。您可以使用

执行此操作 allauth / socialaccount / adaptor.py

DefaultSocialAccountAdapter 类的

pre_social_login 方法

    Invoked just after a user successfully authenticates via a
    social provider, but before the login is actually processed
    (and before the pre_social_login signal is emitted).
    You can use this hook to intervene, e.g. abort the login by
    raising an ImmediateHttpResponse
    Why both an adapter hook and the signal? Intervening in
    e.g. the flow from within a signal handler is bad -- multiple
    handlers may be active and are executed in undetermined order.

执行类似

的操作
from allauth.socialaccount.adaptor import DefaultSocialAccountAdapter

class MySocialAccount(DefaultSocialAccountAdapter):
    def pre_social_login(self, request, sociallogin):
        u = sociallogin.account.user
        if not u.email.split('@')[1] == "example.com"
            raise ImmediateHttpResponse(render_to_response('error.html'))

这不是一个确切的实现,但这样的工作。

答案 1 :(得分:1)

这是替代解决方案:

from allauth.account.adapter import DefaultAccountAdapter
from allauth.socialaccount.adapter import DefaultSocialAccountAdapter

class CustomAccountAdapter(DefaultAccountAdapter):
    def is_open_for_signup(self, request):
        return False # No email/password signups allowed

class CustomSocialAccountAdapter(DefaultSocialAccountAdapter):
    def is_open_for_signup(self, request, sociallogin):
        u = sociallogin.user
        # Optionally, set as staff now as well.
        # This is useful if you are using this for the Django Admin login.
        # Be careful with the staff setting, as some providers don't verify
        # email address, so that could be considered a security flaw.
        #u.is_staff = u.email.split('@')[1] == "customdomain.com"
        return u.email.split('@')[1] == "customdomain.com"

此代码可以存在于任何地方,但是假设它位于mysite/adapters.py中,那么您在settings.py中还需要以下内容:

ACCOUNT_ADAPTER = 'mysite.adapters.CustomAccountAdapter'
SOCIALACCOUNT_ADAPTER = 'mysite.adapters.CustomSocialAccountAdapter'

答案 2 :(得分:0)

您可以在覆盖allauth的allauth.socialaccount.forms.SignupForm并在注册过程中检查域中执行某些操作。 Discalmer:这些都是在没有经过测试的情况下编写的,但其中的一些内容应该可行。

# settings.py
# not necesarry, but it would be a smart way to go instead of hardcoding it
ALLOWED_DOMAIN = 'example.com'

# forms.py
from django.conf import settings
from allauth.socialaccount.forms import SignupForm


class MySignupForm(SignupForm):

    def clean_email(self):
        data = self.cleaned_data['email']
        if data.split('@')[1].lower() == settings.ALLOWED_DOMAIN:
            raise forms.ValidationError(_(u'domena!'))
        return data
在您的网址中

覆盖allauth默认值(在django-allauth的包含之前放置此内容)

# urls.py

from allauth.socialaccount.views import SignupView
from .forms import MySignupForm


urlpatterns = patterns('',
    # ...
    url(r"^social/signup/$", SignupView.as_view(form_class=MySignupForm), name="account_signup"),
    # ...
)

我不确定“^ social / signup / $”,重新检查。