Locking down access to your domain
woodie opened this issue · 0 comments
woodie commented
The new flex environment lets you restrict authentication to users within your domain, but it's now clear how that should work for apps like this that run on the older version of App Engine, so I added a few lines just inside `SummaryPage` and `UserPage`
```python
user_email = self.request.get('u', _current_user_email())
# Reject all but domain users
user_domain = user_email.split('@')[-1]
app_settings = models.AppSettings.get()
if user_domain not in app_settings.domains:
    self.redirect(users.create_logout_url('/'))
    return
```
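Added example, not part of the original issue or the project's code: in the snippet above `user_email` can come from the `u` request parameter, so this sketch applies the domain check to the signed-in account first and only then to the requested address. The helper names and the `example.com` / `outside.test` values are assumptions constructed for illustration.

```python
# Hypothetical helpers (not from the project). In the real handler the
# signed-in address would come from _current_user_email() and the allowed
# domains from models.AppSettings.get().domains, as in the snippet above.

def email_domain(email):
    """Return the lower-cased domain of an address, or None if malformed."""
    email = (email or '').strip()
    local, sep, domain = email.rpartition('@')
    # split('@')[-1] would accept a bare "example.com"; require one '@'
    # with a non-empty local part and domain instead.
    if not sep or not local or not domain or '@' in local:
        return None
    return domain.lower()


def is_domain_user(email, allowed_domains):
    """True only when the address belongs to one of the allowed domains."""
    domain = email_domain(email)
    allowed = {d.strip().lower() for d in allowed_domains}
    return domain is not None and domain in allowed


def authorize_page_view(signed_in_email, requested_email, allowed_domains):
    """Decide whether a handler such as UserPage may render.

    signed_in_email: address of the authenticated account (trusted).
    requested_email: value of the 'u' parameter, or None (untrusted).
    Returns ('allow', email_to_show) or ('deny', None).
    """
    # 1. The viewer must be in the domain, whatever 'u' says.
    if not is_domain_user(signed_in_email, allowed_domains):
        return ('deny', None)
    # 2. The page being shown must also belong to a domain user.
    target = requested_email or signed_in_email
    if not is_domain_user(target, allowed_domains):
        return ('deny', None)
    return ('allow', target)


if __name__ == '__main__':
    domains = ['example.com']  # constructed sample setting
    cases = [
        ('bob@example.com', None),                  # own page
        ('bob@example.com', 'alice@example.com'),   # colleague's page
        ('eve@outside.test', 'alice@example.com'),  # outsider, in-domain 'u'
    ]
    for viewer, target in cases:
        print(viewer, target, authorize_page_view(viewer, target, domains))
```

In a handler, a `'deny'` result maps to the existing `self.redirect(users.create_logout_url('/'))` followed by `return`.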