Allow mailRestriction to multiple domains

_test/checkMail.test.php

@@ -0,0 +1,44 @@
+<?php
+/**
+ * General tests for the oauth plugin
+ *
+ * @group plugin_oauth
+ * @group plugins
+ */
+class checkMail_plugin_oauth_test extends DokuWikiTest {
+
+    protected $pluginsEnabled = array('oauth');
+
+    public function test_checkMail_twoDomains() {
+
+        global $conf;
+        $conf['plugin']['oauth']['mailRestriction'] = '@foo.org,@example.com';
+
+        /** @var helper_plugin_oauth $hlp */
+        $hlp     = plugin_load('helper', 'oauth');
+
+        $testmail = "bar@foo.org";
+        $this->assertTrue($hlp->checkMail($testmail),$testmail);
+        $testmail = "bar@example.com";
+        $this->assertTrue($hlp->checkMail($testmail), $testmail);
+        $testmail = "bar@bar.org";
+        $this->assertFalse($hlp->checkMail($testmail), $testmail);
+    }
+
+    public function test_checkMail_oneDomains() {
+
+        global $conf;
+        $conf['plugin']['oauth']['mailRestriction'] = '@foo.org';
+
+        /** @var helper_plugin_oauth $hlp */
+        $hlp     = plugin_load('helper', 'oauth');
+
+        $testmail = "bar@foo.org";
+        $this->assertTrue($hlp->checkMail($testmail),$testmail);
+        $testmail = "bar@example.com";
+        $this->assertFalse($hlp->checkMail($testmail), $testmail);
+        $testmail = "bar@bar.org";
+        $this->assertFalse($hlp->checkMail($testmail), $testmail);
+    }
+
+}

action.php

@@ -202,8 +202,11 @@ class action_plugin_oauth extends DokuWiki_Action_Plugin {
         $form =& $event->data;
         $html = '';
 
-        if ($this->getConf('mailRestriction') !== '') {
-            $html .= sprintf($this->getLang('eMailRestricted'),$this->getConf('mailRestriction'));
+        $validDomains = $hlp->getValidDomains();
+
+        if ($validDomains[0] !== '') {
+            $domainListing = $hlp->getValidDomains(true);
+            $html .= sprintf($this->getLang('eMailRestricted'), $domainListing);
         }
 
         if ($singleService == '') {

classes/AbstractAdapter.php

@@ -127,24 +127,19 @@ abstract class AbstractAdapter {
                 return false;
             }
         }
-        if ($this->hlp->getConf("mailRestriction") !== '') {
-            return $this->checkMail();
+
+        $validDomains = $this->hlp->getValidDomains();
+        if ($validDomains[0] !== '') {
+            $userData = $this->getUser();
+            if (!$this->hlp->checkMail($userData['mail'])) {
+                msg(sprintf($this->hlp->getLang("rejectedEMail"),$this->hlp->getValidDomains(true)),-1);
+                send_redirect(wl('', array('do' => 'login',),false,'&'));
+            }
         }
         return true;
     }
 
-    /**
-     * @return bool
-     */
-    public function checkMail() {
-        $hostedDomain = $this->hlp->getConf("mailRestriction");
-        $userData = $this->getUser();
-        if (substr($userData['mail'], -strlen($hostedDomain)) === $hostedDomain) {
-            return true;
-        }
-        msg(sprintf($this->hlp->getLang("rejectedEMail"),$hostedDomain),-1);
-        send_redirect(wl('', array('do' => 'login',),false,'&'));
-    }
+
 
     /**
      * Return the name of the oAuth service class to use

conf/metadata.php

@@ -39,7 +39,7 @@ $meta['doorkeeper-key']      = array('string');
 $meta['doorkeeper-secret']   = array('string');
 $meta['doorkeeper-authurl']  = array('string');
 $meta['doorkeeper-tokenurl'] = array('string');
-$meta['mailRestriction']     = array('string','_pattern' => '!^@.*|^$!');
+$meta['mailRestriction']     = array('string','_pattern' => '!^(@[^,@]+(\.[^,@]+)+(,|$))*$!'); // https://regex101.com/r/mG4aL5/3
 $meta['singleService']       = array('multichoice',
                                      '_choices' => array(
                                          '',

helper.php

@@ -125,6 +125,42 @@ class helper_plugin_oauth extends DokuWiki_Plugin {
         $service = strtolower($service);
         return $this->getConf($service.'-tokenurl');
     }
+
+    /**
+     * @param bool $string if true returns a nice string for output, otherwise returns array of strings
+     *
+     * @return array|string
+     */
+    public function getValidDomains($string = false) {
+        $validDomains = explode(',', trim($this->getConf('mailRestriction'), ','));
+        if ($string) {
+            $domainListing = $validDomains[0];
+            array_shift($validDomains);
+            while (count($validDomains) > 0) {
+                $domainListing .= ", " . $validDomains[0];
+                array_shift($validDomains);
+            }
+            return $domainListing;
+        } else {
+            return $validDomains;
+        }
+    }
+
+    /**
+     * @param string $mail
+     *
+     * @return bool
+     */
+    public function checkMail($mail) {
+        $hostedDomains = $this->getValidDomains();
+
+        foreach ($hostedDomains as $validDomain) {
+            if(substr($mail, -strlen($validDomain)) === $validDomain) {
+                return true;
+            }
+        }
+        return false;
+    }
 }
 
 // vim:ts=4:sw=4:et:

lang/en/lang.php

@@ -10,5 +10,5 @@ $lang['loginwith']      = 'Login with other Services:';
 $lang['authnotenabled'] = 'The account associated with your email address has not enabled logging in with %s. Please login by other means and enable it in your profile.';
 $lang['wrongConfig'] = 'The oAuth plugin has been malconfiguered. Defaulting to local authentication only. Please contact your wiki administrator.';
 $lang['loginButton'] = 'Login with ';//... i.e. Google (on SingleAuth)
-$lang['rejectedEMail'] = 'Invalid eMail-Account used. Only accounts from "%s" are allowed!';
-$lang['eMailRestricted'] = '<p id="oauth_email_restricted">Only email accounts from "%s" are allowed.</p>';
+$lang['rejectedEMail'] = 'Invalid eMail-Account used. Only email accounts from the following domain(s) are allowed: %s!';
+$lang['eMailRestricted'] = '<p id="oauth_email_restricted">Only email accounts from the following domain(s) are allowed: %s</p>';