1. 技术文章
  2. Limit Google Sign-In to .edu accounts in Meteor

Limit Google Sign-In to .edu accounts in Meteor

最后都变了- 提交于 2019-12-10 21:27:37

问题


I'm trying to limit my Google + Sign-In Button to only allow @something.edu accounts to sign in. How would I go about doing this. This is my code so far: 

Template.googleLogin.events({
    'click #gLogin': function(event) {
        Meteor.loginWithGoogle({}, function(err){
            if (err) {
                throw new Meteor.Error("Google login didn't work!");
            }
            else {
                Router.go('/home')
            }


        });
    }
})

Template.primaryLayout.events({
    'click #gLogout': function(event) {
        Meteor.logout(function(err){
            if (err) {
                throw new Meteor.Error("Hmm looks like your logout failed. ");
            }
            else {
                Router.go('/')
            }
        })
    }
})

回答1:


You can accomplish this using Accounts.config (in the root directory, so it runs on both the client and server)

Accounts.config({ restrictCreationByEmailDomain: 'something.edu' })

If you need something more custom, you can replace something.edu with a method if you need to fine grain your requirement, i.e for any .edu domain:

Accounts.config({ restrictCreationByEmailDomain: function(address) {
        return new RegExp('\\.edu$', 'i')).test(address)
    }
});



回答2:


The accounts package allows configuring account creation domain through:

Accounts.config({
  restrictCreationByEmailDomain: 'something.edu' 
})

But this has some limitations in case of google:

  1. This is only client side and only allows for the login form to get properly styled to represent the domain's logo etc. But it can be very easily overcome by crafting the google oauth signin url by hand
  2. In case you need to configure extra options like allowing multiple domains or a domain and some outside users (perhaps third party contractors or support from a software company etc) this does not work. In case of accounts-google, the package checks if restrictCreationByEmailDomain is a String and if it is instead a function, it just discards it.

Therefore, to be able to properly and securely utilize such functionality, you need to use the official Accounts.validateNewUser callback:

Accounts.validateNewUser(function(newUser) {
  var newUserEmail = newUser.services.google.email;
  if (!newUserEmail) throw new Meteor.Error(403,'You need a valid email address to sign up.');
  if (!checkEmailAgainstAllowed(newUserEmail)) throw new Meteor.Error(403,'You need an accepted organization email address to sign up.');
  return true;
});

var checkEmailAgainstAllowed = function(email) {
  var allowedDomains = ['something.edu'];
  var allowedEmails = ['someone@example.com'];
  var domain = email.replace(/.*@/,'').toLowerCase();
  return _.contains(allowedEmails, email) || _.contains(allowedDomains, domain);
};

If you want to be extra cautious, you can implement the same for the Accounts.validateLoginAttempt and Accounts.onCreateUser callbacks as well.



来源:https://stackoverflow.com/questions/28241577/limit-google-sign-in-to-edu-accounts-in-meteor

标签
login
meteor
iron-router
google-login
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!