51001cfac1
Fixes #3412 Previously the only way to restrict the domains for a Team were with the ALLOWED_DOMAINS environment variable for self hosted instances. This PR migrates this to be a database backed setting on the Team object. This is done through the creation of a TeamDomain model that is associated with the Team and contains the domain name This settings is updated on the Security Tab. Here domains can be added or removed from the Team. On the server side, we take the code paths that previously were using ALLOWED_DOMAINS and switched them to use the Team allowed domains instead
Authentication Providers
A new auth provider can be added with the addition of a single file in this
folder, and (optionally) a matching logo in /app/components/AuthLogo/index.js
that will appear on the signin button.
Auth providers generally use Passport strategies,
although they can use any custom logic if needed. See the google auth provider for the cleanest example of what is required – some rules:
- The strategy name must be lowercase
- The strategy must call the
accountProvisionercommand in the verify callback - The auth file must export a
configobject withnameandenabledkeys - The auth file must have a default export with a koa-router