2026-01-18 13:58:25 +00:00 · 2016-07-26 16:25:05 +02:00 · 2016-07-26 16:25:05 +02:00 · 2aff87196d
commit 2aff87196d
parent 0d3f77fb03
3 changed files with 9 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -661,7 +661,7 @@ Once you have the client ID and secret keys generated, configure them using the

 For example, if your client ID is `xxx.apps.googleusercontent.com` and client secret key is `yyy`, then adding `--env 'OAUTH_GOOGLE_API_KEY=xxx.apps.googleusercontent.com' --env 'OAUTH_GOOGLE_APP_SECRET=yyy'` to the docker run command enables support for Google OAuth.

-You can also restrict logins to a single domain by adding `--env 'OAUTH_GOOGLE_RESTRICT_DOMAIN=example.com'`.
+You can also restrict logins to a single domain by adding `--env "OAUTH_GOOGLE_RESTRICT_DOMAIN='example.com'"`.

 #### Facebook

@ -916,7 +916,7 @@ Below is the complete list of available options that can be used to customize yo
 | `OAUTH_CAS3_LOGOUT_URL` | CAS3 logout URL. Defaults to `/cas/logout` |
 | `OAUTH_GOOGLE_API_KEY` | Google App Client ID. No defaults. |
 | `OAUTH_GOOGLE_APP_SECRET` | Google App Client Secret. No defaults. |
-| `OAUTH_GOOGLE_RESTRICT_DOMAIN` | Google App restricted domain. No defaults. |
+| `OAUTH_GOOGLE_RESTRICT_DOMAIN` | List of Google App restricted domains. Value is comma separated list of single quoted groups. Example: `'exemple.com','exemple2.com'`. No defaults. |
 | `OAUTH_FACEBOOK_API_KEY` | Facebook App API key. No defaults. |
 | `OAUTH_FACEBOOK_APP_SECRET` | Facebook App API secret. No defaults. |
 | `OAUTH_TWITTER_API_KEY` | Twitter App API key. No defaults. |
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@ -380,7 +380,7 @@ production: &base
          label: 'Google',
          app_id: '{{OAUTH_GOOGLE_API_KEY}}',
          app_secret: '{{OAUTH_GOOGLE_APP_SECRET}}',
-          args: { access_type: 'offline', approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}', hd: '{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}' } }
+          args: { access_type: 'offline', approval_prompt: '{{OAUTH_GOOGLE_APPROVAL_PROMPT}}', hd: [{{OAUTH_GOOGLE_RESTRICT_DOMAIN}}] } }
      - { name: 'facebook',
          app_id: '{{OAUTH_FACEBOOK_API_KEY}}',
          app_secret: '{{OAUTH_FACEBOOK_APP_SECRET}}' }
--- a/assets/runtime/env-defaults
+++ b/assets/runtime/env-defaults
@ -242,6 +242,12 @@ OAUTH_EXTERNAL_PROVIDERS=${OAUTH_EXTERNAL_PROVIDERS:-}
 OAUTH_GOOGLE_API_KEY=${OAUTH_GOOGLE_API_KEY:-}
 OAUTH_GOOGLE_APP_SECRET=${OAUTH_GOOGLE_APP_SECRET:-}
 OAUTH_GOOGLE_APPROVAL_PROMPT=${OAUTH_GOOGLE_APPROVAL_PROMPT:-}
+OAUTH_GOOGLE_RESTRICT_DOMAIN=${OAUTH_GOOGLE_RESTRICT_DOMAIN:-}
+if [[ -n ${OAUTH_GOOGLE_RESTRICT_DOMAIN} ]]; then # backward compatibility
+  if [[ ${OAUTH_GOOGLE_RESTRICT_DOMAIN} != "'"* ]]; then
+    OAUTH_GOOGLE_RESTRICT_DOMAIN="'${OAUTH_GOOGLE_RESTRICT_DOMAIN}'"
+  fi
+fi

 ### FACEBOOK
 OAUTH_FACEBOOK_API_KEY=${OAUTH_FACEBOOK_API_KEY:-}