Add the allowed_email_domains and the allowed_groups on the auth_request endpoint + support standard wildcard char for validation with sub-domain and email-domain.

Signed-off-by: Valentin Pichard <github@w3st.fr>
2025-12-01 22:51:45 +02:00 · 2021-07-28 10:12:00 +02:00
parent c5a98c6d03
commit 2b4c8a9846
11 changed files with 305 additions and 90 deletions
--- a/validator.go
+++ b/validator.go
@@ -115,12 +115,15 @@ func isEmailValidWithDomains(email string, allowedDomains []string) bool {
 			return true
 		}

-		// allow if the domain is prefixed with . and
+		// allow if the domain is prefixed with . or *. and
 		// the last element (split on @) has the suffix as the domain
 		atoms := strings.Split(email, "@")
-		if strings.HasPrefix(domain, ".") && strings.HasSuffix(atoms[len(atoms)-1], domain) {
+
+		if (strings.HasPrefix(domain, ".") && strings.HasSuffix(atoms[len(atoms)-1], domain)) ||
+			(strings.HasPrefix(domain, "*.") && strings.HasSuffix(atoms[len(atoms)-1], domain[1:])) {
 			return true
 		}
 	}
+
 	return false
 }