securesocial icon indicating copy to clipboard operation
securesocial copied to clipboard
verified publisher icon jaliss

Ability to whitelist/blacklist users

Open larvanitis opened this issue 13 years ago • 5 comments

Description There should be a hook at some point of the authentication process so that we can break or allow it by examining the SocialUser object constructed by the *Provider.fillProfile.

Some Use Cases

  • is the user in a whitelist? think private site
  • is the account (b)locked/blacklisted?
  • are registrations open for new users?
  • does the email belong to a specific domain?
  • ...

Proposed Solution

  1. New method UserService.validate(user: Identity): Either[Result, Identity] examines the Identity and acts according to user implemented check returning a Left(Result) instance if the auth is blocked. The default validate implementation should simply return its input to make the method overriding optional.
  2. IdentityProvider.authenticate pattern-matches the received object and in case of an Left it returns it.

I would like to hear your thoughts on this. It is a real show stopper for me (allowed users have to be preregistered by admin) and I will probably implement it in the following days but I'd prefer to have it included upstream, so please tell me if this solution is ok or I should do it in a different way.

larvanitis avatar Mar 09 '13 13:03 larvanitis

I think this would be really useful. Did you get to implement any of this?

jaliss avatar Apr 21 '13 23:04 jaliss

+1

eliotfowler avatar Mar 18 '14 01:03 eliotfowler

+1

antonini avatar Apr 08 '14 12:04 antonini

I submitted a pull request for this yesterday. Implemented exactly as described above.

ciroque avatar Apr 08 '14 18:04 ciroque

This would be great to have. We have some instances where we use securesocial where we need to control who can signup and not.

robkooper avatar Aug 15 '14 21:08 robkooper