From b291526b13343271398f4fc3aaa73124a11ed7e0 Mon Sep 17 00:00:00 2001
From: Joseph Garrone
Date: Thu, 15 Apr 2021 12:20:08 +0200
Subject: [PATCH] Support email whitlisting
---
 README.md | 6 +++
 .../generateFtl/register.ftl | 39 ++++++++++++++++++-
 src/lib/kcContext.ts | 1 +
 src/lib/kcContextMocks/index.ts | 15 +++++--
 4 files changed, 56 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 52ddb14f..9a816be5 100644
--- a/README.md
+++ b/README.md
@@ -65,6 +65,7 @@ If you already have a Keycloak custom theme, it can be easily ported to Keycloak
 - [Possible workarounds](#possible-workarounds)
 - [Implement context persistence (optional)](#implement-context-persistence-optional)
 - [Kickstart video](#kickstart-video)
+- [Email domain whitelist](#email-domain-whitelist)
 # How to use
@@ -342,3 +343,8 @@ flash of the blank html before the js bundle have been evaluated
 *NOTE: keycloak-react-theming was renamed keycloakify since this video was recorded*
 [![kickstart_video](https://user-images.githubusercontent.com/6702424/108877866-f146ee80-75ff-11eb-8120-003b3c5f6dd8.png)](https://youtu.be/xTz0Rj7i2v8)
+
+# Email domain whitelist
+
+If you want to restrict the emails domain that can register, you can use [this plugin](https://github.com/micedre/keycloak-mail-whitelisting)
+and `kcRegisterContext["authorizedMailDomains"]` to validate on.
diff --git a/src/bin/build-keycloak-theme/generateFtl/register.ftl b/src/bin/build-keycloak-theme/generateFtl/register.ftl
index bc652fa0..1008f865 100644
--- a/src/bin/build-keycloak-theme/generateFtl/register.ftl
+++ b/src/bin/build-keycloak-theme/generateFtl/register.ftl
@@ -147,6 +147,43 @@
 <#recover>
- })()
+ })(),
+ "authorizedMailDomains": (function (){
+
+ <#attempt>
+ return "${authorizedMailDomains!''}" || undefined;
+ <#recover>
+
+
+ })(),
+ "authorizedMailDomains": (function(){
+
+ var out = undefined;
+
+ <#attempt>
+ <#if authorizedMailDomains??>
+
+ out = [];
+
+ <#attempt>
+ <#list authorizedMailDomains as authorizedMailDomain>
+ out.push((function (){
+
+ <#attempt>
+ return "${authorizedMailDomain}";
+ <#recover>
+
+
+ })());
+
+ <#recover>
+
+
+ <#recover>
+
+
+ return out;
+
+ })(),
 }
\ No newline at end of file
diff --git a/src/lib/kcContext.ts b/src/lib/kcContext.ts
index c4984815..1c55e90e 100644
--- a/src/lib/kcContext.ts
+++ b/src/lib/kcContext.ts
@@ -124,6 +124,7 @@ export declare namespace KcContext {
 passwordRequired: boolean;
 recaptchaRequired: boolean;
 recaptchaSiteKey?: string;
+ authorizedMailDomains?: string[];
 };
 export type Info = Common & {
diff --git a/src/lib/kcContextMocks/index.ts b/src/lib/kcContextMocks/index.ts
index e5f9eab1..01d90d4d 100644
--- a/src/lib/kcContextMocks/index.ts
+++ b/src/lib/kcContextMocks/index.ts
@@ -153,7 +153,7 @@ export const kcRegisterContext: KcContext.Register = {
 "registrationAction": "http://localhost:8080/auth/realms/myrealm/login-actions/registration?session_code=gwZdUeO7pbYpFTRxiIxRg_QtzMbtFTKrNu6XW_f8asM&execution=12146ce0-b139-4bbd-b25b-0eccfee6577e&client_id=account&tab_id=uS8lYfebLa0"
 },
 "messagesPerField": {
- "printIfExists": (...[,x]) => x
+ "printIfExists": (...[, x]) => x
 },
 "scripts": [],
 "isAppInitiatedAction": false,
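Review bot: `return "${authorizedMailDomain}";` writes each configured domain straight into a JavaScript string literal, so a value containing a quote or a backslash would break or change the generated script; nothing in this hunk escapes it. FreeMarker's built-in for this context is `?js_string`, i.e. `return "${authorizedMailDomain?js_string}";`. Separately, the hunk adds the `"authorizedMailDomains"` key twice: the first copy (the `"${authorizedMailDomains!''}" || undefined` variant) is overridden by the list-building one that follows and can be dropped. The enclosing object literal starts before this hunk, so whether the other fields are escaped is not visible here.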
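Review bot: `authorizedMailDomains?: string[]` is added to `KcContext.Register` without a doc comment, and two things a theme author needs are left unstated: the mock in src/lib/kcContextMocks/index.ts shows that entries can be wildcard patterns (`"*.example.com"`), and the list reaches the browser only as data. I would add `/** Domains accepted at registration; entries may be wildcard patterns such as "*.example.com". Use for client-side feedback only: the server-side check must remain the one that rejects an address. */` above the field. Presumably the plugin linked from the README performs that server-side check, but this patch does not show it. The `Register` type begins outside the hunk.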
@@ -162,10 +162,17 @@ export const kcRegisterContext: KcContext.Register = {
 "formData": {}
 },
 "passwordRequired": true,
- "recaptchaRequired": false
+ "recaptchaRequired": false,
+ "authorizedMailDomains": [
+ "example.com",
+ "another-example.com",
+ "*.yet-another-example.com",
+ "*.example.com",
+ "hello-world.com"
+ ]
 };
-export const kcInfoContext: KcContext.Info ={
+export const kcInfoContext: KcContext.Info = {
 ...kcCommonContext,
 "pageId": "info.ftl",
 "messageHeader": "",
@@ -188,7 +195,7 @@ export const kcErrorContext: KcContext.Error = {
 export const kcLoginResetPasswordContext: KcContext.LoginResetPassword = {
 ...kcCommonContext,
 "pageId": "login-reset-password.ftl",
- "realm":{
+ "realm": {
 ...kcCommonContext.realm,
 "loginWithEmailAllowed": false
 }