Check for Group membership before sending an email
Jnchi commented
- Don't send the OTP email unless the user is part of the appropriate group (see: https://github.com/CyberNinjas/libnss_aad/blob/master/libnss_aad.c#L167).
```c
if (verify_user(jwt, user_addr) == 0                  // <-- Check for username match in JWT
    && verify_group(ab_token, group_id, debug) == 0) { // <-- Check for group membership
    ret = EXIT_SUCCESS;
}
```
Source: https://github.com/CyberNinjas/pam_aad/blob/master/pam_aad.c#L382-491
- If user is not a member of the group, send an ACCESS DENIED email.