From cd9647bd4adb704a7d9397e7192b33bf5dcea03e Mon Sep 17 00:00:00 2001
From: Caribana <lars.kermode@caribana.ch>
Date: Fri, 26 May 2017 18:56:08 +0200
Subject: [PATCH] Blocage des logins non caribana.ch

---
 tokensignin.php | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/tokensignin.php b/tokensignin.php
index d21cc365..471d4b73 100644
--- a/tokensignin.php
+++ b/tokensignin.php
@@ -30,18 +30,24 @@ if ($payload) {
   $userid = $payload['sub'];
   // If request specified a G Suite domain:
   $domain = $payload['hd'];
-  // Associate user info to session si we can use it later
-  $_SESSION['uid'] = $userid;
-  $_SESSION['dom'] = $domain;
-  $_SESSION['email'] = $payload['email'];
-  $_SESSION['name'] = $payload['name'];
-  // Is this user admin 
-  $_SESSION['admin'] = '';
-  if( array_key_exists($userid, $admins)) {
+  if($domain=='caribana.ch') {
+    // Associate user info to session si we can use it later
+    $_SESSION['uid'] = $userid;
+    $_SESSION['dom'] = $domain;
+    $_SESSION['email'] = $payload['email'];
+    $_SESSION['name'] = $payload['name'];
+    // Is this user admin 
+    $_SESSION['admin'] = '';
+    if( array_key_exists($userid, $admins)) {
   	$_SESSION['admin'] = 1;
+    }
+    echo "SUCCESS: $userid  / DOMAIN: $domain";
+    syslog(LOG_INFO, "Authorized login $userid / ". $payload['name']. ",domain: $domain from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
+  }
+  else {
+    syslog(LOG_ERR, "Failed login ". $payload['name']. " from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']}), incorrect domain: $domain");
+    echo "FAIL";
   }
-  echo "SUCCESS: $userid  / DOMAIN: $domain";
-    syslog(LOG_INFO, "Authorized login $userid / ". $payload['name']. " from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
 } else {
   // Invalid ID token
     syslog(LOG_ERR, "Failed login ". $payload['name']. " from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");