Re-prompt for login if an unauthorized Google account is used (fixes g…
Allen Short committed Dec 6, 2017
1 parent 6d748a8 commit 7dedc1b
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions redash/authentication/google_oauth.py
@@ -89,7 +89,17 @@ def login():
next_path = request.args.get('next', url_for("redash.index", org_slug=session.get('org_slug')))
logger.debug("Callback url: %s", callback)
logger.debug("Next is: %s", next_path)
return google_remote_app().authorize(callback=callback, state=next_path)
extra = {}
if 'org_slug' in session:
org = models.Organization.get_by_slug(session.pop('org_slug'))
else:
org = current_org
if org.google_apps_domains:
extra['hd'] = org.google_apps_domains[0]
if session.get('relogin') == '1':
extra['prompt'] = 'consent'
session['relogin'] = '0'
return google_remote_app().authorize(callback=callback, state=next_path, **extra)


@blueprint.route('/oauth/google_callback', endpoint="callback")
@@ -114,7 +124,7 @@ def authorized():

if not verify_profile(org, profile):
logger.warning("User tried to login with unauthorized domain name: %s (org: %s)", profile['email'], org)
flash("Your Google Apps account ({}) isn't allowed.".format(profile['email']))
session['relogin'] = '1'
return redirect(url_for('redash.login', org_slug=org.slug))

picture_url = "%s?sz=40" % profile['picture']
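Review bot: `session.pop('org_slug')` in login() removes the slug from the session before the OAuth round trip, so if authorized() (its beginning is outside these hunks) also resolves `org` from `session['org_slug']`, the callback would fall back to `current_org` and `verify_profile(org, profile)` would check the profile against a different organization's domain list. Reading the slug without consuming it avoids that: `org = models.Organization.get_by_slug(session['org_slug'])`. The lookup result is also dereferenced unchecked at `org.google_apps_domains`, which would raise if a stale slug yields no organization; whether that can happen depends on how `get_by_slug` signals a miss, which is not visible here. A comment above the `extra['hd']` assignment would help the next reader, e.g. `# hd only pre-selects the first allowed domain in Google's sign-in UI; verify_profile() in the callback remains the actual domain check`.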