3

是否可以只允许某些谷歌帐户登录?例如myname@mycompany.com是通过谷歌主机(他们实际上是谷歌帐户)。我只想要@mycompany能够登录的用户这可能吗?你用devise还是google api来做这个?

谢谢 :)

4

1 回答 1

4

如果您使用的是omniauth-google-oauth2,您可以通过hd在初始化期间为选项提供值来完成域限制。

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'], {
    scope: 'email, profile',
    hd: 'mycompany.com'
  }
end

也可以在处理回调的控制器中处理这个问题。您可以根据 中提供的值拒绝用户request.env["omniauth.auth"]

class OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def google_oauth2
    auth_details = request.env["omniauth.auth"]
    if auth_details.info['email'].split("@")[1] == "yourdomain.com"
      # do all the bits that come naturally in the callback controller
      user = User.from_omniauth(request.env["omniauth.auth"])
      if user.persisted?
        flash.notice = "Signed in Through Google!"
        sign_in_and_redirect user
      else
        session["devise.user_attributes"] = user.attributes
        flash.notice = "You are almost Done! Please provide a password to finish setting up your account"
        redirect_to new_user_registration_url
      end
    else
      # This is where you turn away the poor souls who do not match your domain
      render :text => "We're sorry, at this time we do not allow access to our app."
    end
  end
end
于 2013-09-17T22:25:37.823 回答