10 years ago · 0d3fbb8659
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -142,8 +142,8 @@
 
				 ;auth_url = https://github.com/login/oauth/authorize
			
 
				 ;token_url = https://github.com/login/oauth/access_token
			
 
				 ;api_url = https://api.github.com/user
			
 
				-# Uncomment bellow to only allow specific email domains
			
 
				-; allowed_domains = mycompany.com othercompany.com
			
 
				+;team_ids =
			
 
				+;allowed_domains =
			
 
				 
			
 
				 #################################### Google Auth ##########################
			
 
				 [auth.google]
			
@@ -154,8 +154,7 @@
 
				 ;auth_url = https://accounts.google.com/o/oauth2/auth
			
 
				 ;token_url = https://accounts.google.com/o/oauth2/token
			
 
				 ;api_url = https://www.googleapis.com/oauth2/v1/userinfo
			
 
				-# Uncomment bellow to only allow specific email domains
			
 
				-; allowed_domains = mycompany.com othercompany.com
			
 
				+;allowed_domains =
			
 
				 
			
 
				 #################################### Logging ##########################
			
 
				 [log]
			
--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@@ -3,6 +3,7 @@ package api
 
				 import (
			
 
				 	"errors"
			
 
				 	"fmt"
			
 
				+	"net/url"
			
 
				 
			
 
				 	"golang.org/x/oauth2"
			
 
				 
			
@@ -46,7 +47,7 @@ func OAuthLogin(ctx *middleware.Context) {
 
				 	userInfo, err := connect.UserInfo(token)
			
 
				 	if err != nil {
			
 
				 		if err == social.ErrMissingTeamMembership {
			
 
				-			ctx.Redirect(setting.AppSubUrl + "/login?missing_team_membership=1")
			
 
				+			ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required Github team membership not fulfilled"))
			
 
				 		} else {
			
 
				 			ctx.Handle(500, fmt.Sprintf("login.OAuthLogin(get info from %s)", name), err)
			
 
				 		}
			
@@ -58,7 +59,7 @@ func OAuthLogin(ctx *middleware.Context) {
 
				 	// validate that the email is allowed to login to grafana
			
 
				 	if !connect.IsEmailAllowed(userInfo.Email) {
			
 
				 		log.Info("OAuth login attempt with unallowed email, %s", userInfo.Email)
			
 
				-		ctx.Redirect(setting.AppSubUrl + "/login?email_not_allowed=1")
			
 
				+		ctx.Redirect(setting.AppSubUrl + "/login?failedMsg=" + url.QueryEscape("Required email domain not fulfilled"))
			
 
				 		return
			
 
				 	}
			
 
				 
			
--- a/public/app/controllers/loginCtrl.js
+++ b/public/app/controllers/loginCtrl.js
@@ -7,7 +7,7 @@ function (angular, config) {
 
				 
			
 
				   var module = angular.module('grafana.controllers');
			
 
				 
			
 
				-  module.controller('LoginCtrl', function($scope, backendSrv, contextSrv) {
			
 
				+  module.controller('LoginCtrl', function($scope, backendSrv, contextSrv, $location) {
			
 
				     $scope.formModel = {
			
 
				       user: '',
			
 
				       email: '',
			
@@ -28,6 +28,13 @@ function (angular, config) {
 
				     $scope.init = function() {
			
 
				       $scope.$watch("loginMode", $scope.loginModeChanged);
			
 
				       $scope.passwordChanged();
			
 
				+
			
 
				+      var params = $location.search();
			
 
				+      if (params.failedMsg) {
			
 
				+        $scope.appEvent('alert-warning', ['Login Failed', params.failedMsg]);
			
 
				+        delete params.failedMsg;
			
 
				+        $location.search(params);
			
 
				+      }
			
 
				     };
			
 
				 
			
 
				     // build info view model