northwhale/site
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add ENV to filter authorized users

Browse Source
This commit is contained in:
Etienne Ischer
2021-05-03 18:10:46 +02:00
parent 1533f539da
commit bb6b5e3362
3 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.env.example
View File

@@ -11,3 +11,5 @@ DATABASE_PORT=5432
REDIS_URL= REDIS_URL=
SENTRY_DSN= SENTRY_DSN=
ALLOWED_BNET_USERS="User#1234,User#5678"

5
app/controllers/users/omniauth_callbacks_controller.rb
View File

@@ -11,6 +11,11 @@ module Users
@user = User.from_omniauth(request.env['omniauth.auth']) @user = User.from_omniauth(request.env['omniauth.auth'])
if @user.persisted? if @user.persisted?
unless ENV['ALLOWED_BNET_USERS'].split(',').include?(@user.battletag)
set_flash_message(:alert, :not_authorized)
redirect_to root_path
return
end
sign_in_and_redirect @user, event: :authentication sign_in_and_redirect @user, event: :authentication
WowCharactersWorker.perform_async(@user.id) WowCharactersWorker.perform_async(@user.id)
WowMountsCollectionWorker.perform_async(@user.id) WowMountsCollectionWorker.perform_async(@user.id)

1
config/locales/devise.en-gb.yml
View File

@@ -30,6 +30,7 @@ en-gb:
omniauth_callbacks: omniauth_callbacks:
failure: "Could not authenticate you from %{kind} because \"%{reason}\"." failure: "Could not authenticate you from %{kind} because \"%{reason}\"."
success: "Successfully authenticated from %{kind} account." success: "Successfully authenticated from %{kind} account."
not_authorized: "Your Bnet account is not authorized to use this app"
passwords: passwords:
no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided." no_token: "You can't access this page without coming from a password reset email. If you do come from a password reset email, please make sure you used the full URL provided."
send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes." send_instructions: "You will receive an email with instructions on how to reset your password in a few minutes."