Skip to content

Commit

Permalink
Allow a non-allow listed user to login if they already have an account.
Browse files Browse the repository at this point in the history
  • Loading branch information
MelissaAutumn committed May 8, 2024
1 parent 1e0e94f commit 97bb00c
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 5 deletions.
12 changes: 9 additions & 3 deletions backend/src/appointment/controller/apis/fxa_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,17 +73,23 @@ def setup(self, subscriber_id=None, token=None):
token=token,
token_updater=self.token_saver)

def is_in_allow_list(self, email: str):
def is_in_allow_list(self, db, email: str):
"""Check this email against our allow list"""

# Allow existing subscribers to login even if they're not on an allow-list
subscriber = repo.subscriber.get_by_email(db, email)
if subscriber:
return True

allow_list = os.getenv('FXA_ALLOW_LIST')
# If we have no allow list, then we allow everyone
if not allow_list or allow_list == '':
return True

return email.endswith(tuple(allow_list.split(',')))

def get_redirect_url(self, state, email):
if not self.is_in_allow_list(email):
def get_redirect_url(self, db, state, email):
if not self.is_in_allow_list(db, email):
raise NotInAllowListException()

utm_campaign = f"{self.ENTRYPOINT}_{os.getenv('APP_ENV')}"
Expand Down
7 changes: 5 additions & 2 deletions backend/src/appointment/routes/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,10 @@ def create_access_token(data: dict, expires_delta: timedelta | None = None):


@router.get("/fxa_login")
def fxa_login(request: Request, email: str, timezone: str | None = None,
def fxa_login(request: Request,
email: str,
timezone: str | None = None,
db: Session = Depends(get_db),
fxa_client: FxaClient = Depends(get_fxa_client)):
"""Request an authorization url from fxa"""
if os.getenv('AUTH_SCHEME') != 'fxa':
Expand All @@ -53,7 +56,7 @@ def fxa_login(request: Request, email: str, timezone: str | None = None,
fxa_client.setup()

try:
url, state = fxa_client.get_redirect_url(token_urlsafe(32), email)
url, state = fxa_client.get_redirect_url(db, token_urlsafe(32), email)
except NotInAllowListException:
raise HTTPException(status_code=403, detail='Your email is not in the allow list')

Expand Down

0 comments on commit 97bb00c

Please sign in to comment.