What I do is require Google authentication and then check the user's email
address and domain against a whitelist. I had some trouble at first because
Gmail addresses ignore internal periods, so for instance [email protected]
and [email protected] are the same address. In fact they are also the same
as [email protected], but I haven't worried about that case yet. I
wrapped this into a class that all my request handlers descend from:

    import logging

    import webapp2
    from google.appengine.api import users

    # JINJA_ENVIRONMENT, WHITELISTED_DOMAINS and WHITELISTED_ADDRESSES are
    # module-level values defined elsewhere in the application.


    class MyPage(webapp2.RequestHandler):
        def validate_user(self, page_template):
            # Default to the placeholder page; only whitelisted users get
            # the requested template.
            template = JINJA_ENVIRONMENT.get_template('under_construction.html')
            if users.get_current_user():
                url = users.create_logout_url(self.request.uri)
                url_linktext = 'Logout'
                email = users.get_current_user().email()
                # pylint: disable=unused-variable
                address, domain = email.split("@")
                # Strip internal periods so dotted variants compare equal.
                canonical_address = address.replace('.', '')
                canonical_email = canonical_address + '@' + domain
                if (domain in WHITELISTED_DOMAINS or
                        canonical_email in WHITELISTED_ADDRESSES):
                    template = JINJA_ENVIRONMENT.get_template(page_template)
                else:
                    logging.info('Login disallowed for: %s', email)
            else:
                # Not signed in: offer a login link instead.
                url = users.create_login_url(self.request.uri)
                url_linktext = 'Login'
            template_values = {
                'url': url,
                'url_linktext': url_linktext,
            }
            return template, template_values

Each concrete request handler begins something like this:

    def get(self):
        template, template_values = self.validate_user(PAGE_TEMPLATE)

Suggestions for improvement are welcome!
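
An added example, not part of the original post: a canonicalization helper that also drops the "+suffix" form mentioned above, and applies the dot and plus rules only to gmail.com, since other providers may treat "a.b" and "ab" as different mailboxes. The helper names and the sample allowlists are hypothetical and constructed for illustration.

```python
# Added example. The allowlists are constructed samples, and the helper
# names are hypothetical.
GMAIL_DOMAIN = 'gmail.com'
ALLOWED_DOMAINS = {'example.org'}
# Individual addresses are stored in canonical form (no dots, no +suffix).
ALLOWED_ADDRESSES = {'exampleuser@gmail.com'}


def canonicalize(email):
    """Return the canonical form of an address, or None if it is malformed."""
    local, sep, domain = email.strip().rpartition('@')
    if not sep or not local or not domain or '@' in local:
        return None
    domain = domain.lower()  # domain names are case-insensitive
    if domain == GMAIL_DOMAIN:
        # Gmail ignores case, internal periods and anything after a '+'.
        local = local.lower().split('+', 1)[0].replace('.', '')
        if not local:
            return None
    # Other providers may treat dots and '+' as significant, so their local
    # part is left untouched.
    return local + '@' + domain


def is_allowed(email):
    """True if the domain or the canonical address is on an allowlist."""
    canonical = canonicalize(email)
    if canonical is None:
        return False
    domain = canonical.rpartition('@')[2]
    return domain in ALLOWED_DOMAINS or canonical in ALLOWED_ADDRESSES


if __name__ == '__main__':
    for sample in ('Example.User+lists@Gmail.com', 'e.x.ampleuser@gmail.com',
                   'someone@EXAMPLE.ORG', 'example.user@other.example',
                   'not-an-address'):
        print(sample, '->', canonicalize(sample), is_allowed(sample))
```

Malformed input returns None and is rejected rather than raising, so a handler can log the refusal and fall through to the placeholder page.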