Support email whitlisting

2021-04-15 12:20:08 +02:00 · 2021-04-15 12:20:08 +02:00 · b291526b13
commit b291526b13
parent e1c310d383
4 changed files with 56 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -65,6 +65,7 @@ If you already have a Keycloak custom theme, it can be easily ported to Keycloak
    - [Possible workarounds](#possible-workarounds)
 - [Implement context persistence (optional)](#implement-context-persistence-optional)
 - [Kickstart video](#kickstart-video)
+- [Email domain whitelist](#email-domain-whitelist)

 # How to use

@ -342,3 +343,8 @@ flash of the blank html before the js bundle have been evaluated

 *NOTE: keycloak-react-theming was renamed keycloakify since this video was recorded*
 [![kickstart_video](https://user-images.githubusercontent.com/6702424/108877866-f146ee80-75ff-11eb-8120-003b3c5f6dd8.png)](https://youtu.be/xTz0Rj7i2v8)
+
+# Email domain whitelist
+
+If you want to restrict the emails domain that can register, you can use [this plugin](https://github.com/micedre/keycloak-mail-whitelisting) 
+and `kcRegisterContext["authorizedMailDomains"]` to validate on.
--- a/src/bin/build-keycloak-theme/generateFtl/register.ftl
+++ b/src/bin/build-keycloak-theme/generateFtl/register.ftl
@ -147,6 +147,43 @@
        <#recover>
        </#attempt>

-    })()
+    })(),
+    "authorizedMailDomains": (function (){
+
+        <#attempt>
+            return "${authorizedMailDomains!''}" || undefined;
+        <#recover>
+        </#attempt>
+
+    })(),
+    "authorizedMailDomains": (function(){
+
+        var out = undefined;
+
+        <#attempt>
+            <#if authorizedMailDomains??>
+
+                out = [];
+
+                <#attempt>
+                    <#list authorizedMailDomains as authorizedMailDomain>
+                        out.push((function (){
+
+                            <#attempt>
+                                return "${authorizedMailDomain}";
+                            <#recover>
+                            </#attempt>
+
+                        })());
+                    </#list>
+                <#recover>
+                </#attempt>
+            </#if>
+        <#recover>
+        </#attempt>
+
+        return out;
+
+    })(),
 }
 </script>
--- a/src/lib/kcContext.ts
+++ b/src/lib/kcContext.ts
@ -124,6 +124,7 @@ export declare namespace KcContext {
        passwordRequired: boolean;
        recaptchaRequired: boolean;
        recaptchaSiteKey?: string;
+        authorizedMailDomains?: string[];
    };

    export type Info = Common & {
--- a/src/lib/kcContextMocks/index.ts
+++ b/src/lib/kcContextMocks/index.ts
@ -153,7 +153,7 @@ export const kcRegisterContext: KcContext.Register = {
        "registrationAction": "http://localhost:8080/auth/realms/myrealm/login-actions/registration?session_code=gwZdUeO7pbYpFTRxiIxRg_QtzMbtFTKrNu6XW_f8asM&execution=12146ce0-b139-4bbd-b25b-0eccfee6577e&client_id=account&tab_id=uS8lYfebLa0"
    },
    "messagesPerField": {
-        "printIfExists": (...[,x]) => x
+        "printIfExists": (...[, x]) => x
    },
    "scripts": [],
    "isAppInitiatedAction": false,
@ -162,10 +162,17 @@ export const kcRegisterContext: KcContext.Register = {
        "formData": {}
    },
    "passwordRequired": true,
-    "recaptchaRequired": false
+    "recaptchaRequired": false,
+    "authorizedMailDomains": [
+        "example.com",
+        "another-example.com",
+        "*.yet-another-example.com",
+        "*.example.com",
+        "hello-world.com"
+    ]
 };

-export const kcInfoContext: KcContext.Info ={
+export const kcInfoContext: KcContext.Info = {
    ...kcCommonContext,
    "pageId": "info.ftl",
    "messageHeader": "<Message header>",
@ -188,7 +195,7 @@ export const kcErrorContext: KcContext.Error = {
 export const kcLoginResetPasswordContext: KcContext.LoginResetPassword = {
    ...kcCommonContext,
    "pageId": "login-reset-password.ftl",
-    "realm":{
+    "realm": {
        ...kcCommonContext.realm,
        "loginWithEmailAllowed": false
    }