I’ve been asked to add extra security to our site. We’re using Google to log people in, and currently this is the security we have:
    $googleService = $serviceFactory->createService('google', $credentials, $storage, array('userinfo_email', 'userinfo_profile'));

    $app->get('/login', function () use ($app, $googleService) {
        if ($app['session']->get('userinfo')) {
            return new RedirectResponse('/');
        }
        return $app['twig']->render('login.twig', array(
            'login_url' => $googleService->getAuthorizationUri()->__toString(),
            'user'      => $app['session']->get('userinfo'),
        ));
    });
and
    $app->match('/auth/callback', function (Request $request) use ($app, $googleService) {
        // This was a callback request from google, get the token
        $googleService->requestAccessToken($request->get('code'));
        // Send a request with it
        $user = json_decode($googleService->request('https://www.googleapis.com/oauth2/v1/userinfo'), true);
        if (substr($user['email'], -11) === '@domain.com' || $user['email'] === 'web@anotherdomain.com') {
            $user['logged_in_date'] = date('Y-m-d');
            $app['session']->set('userinfo', $user);
            $log = new \UserLoggedinLog();
            $log->setEmail($user['email']);
            $log->setDate(time());
            $log->save();
        } else {
            $message = \Swift_Message::newInstance()
                ->setSubject('Mycroft :: unauthorized login')
                ->setFrom(array('server@domain.com' => 'robot'))
                ->setTo(array('admin@domain.com', 'web@domain.com'))
                ->setBody(sprintf("The following email [%s] tried to login from IP [%s]", $user['email'], $request->getClientIp()));
            $app['mailer']->send($message);
        }
        return $app->redirect('/');
    });
Is there a way to set the email addresses/users that can log in? So if a member of staff leaves they can be prevented from logging in immediately?
It doesn’t matter if this is done through Google’s control panel; if anything, that would be better.
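An added example (not part of the question or its code) of how the hard-coded `substr()` test in the callback can be replaced by an explicit allow-list plus a block-list, so a single account can be cut off immediately without touching the domain rule. It assumes `$user` is the decoded Google userinfo array exactly as in the question, that Google's `verified_email` field is present in that response, and that the three lists are constructed sample data standing in for a config file or database table:

```php
<?php
// Added example, not the questioner's code. Assumes $user is the decoded
// Google userinfo array from the callback in the question.

// Constructed sample lists. In a real deployment these would be loaded from
// config or a database so that removing a leaver is a data change, not a deploy.
const ALLOWED_EMAILS  = ['web@anotherdomain.com'];   // individual accounts allowed in
const ALLOWED_DOMAINS = ['domain.com'];              // whole domains allowed in
const BLOCKED_EMAILS  = ['former.employee@domain.com']; // leavers, checked before the domain rule

/**
 * Decide whether a Google account may log in.
 * Returns null when the login is allowed, otherwise a short reason string
 * that can go into the "unauthorized login" notification mail.
 */
function loginRejectionReason(array $user, array $allowedEmails, array $allowedDomains, array $blockedEmails): ?string
{
    if (empty($user['email'])) {
        return 'no email address in userinfo';
    }
    // Assumption: Google's userinfo response carries verified_email; treat a
    // missing or false value as unverified and refuse it.
    if (empty($user['verified_email'])) {
        return 'email address not verified by Google';
    }

    // Normalise case so Alice@Domain.com and alice@domain.com are the same account.
    $email = strtolower(trim($user['email']));
    $lower = function (array $list): array {
        return array_map('strtolower', $list);
    };

    // Block-list wins over everything: this is what cuts off a leaver at once
    // even though their address still matches an allowed domain.
    if (in_array($email, $lower($blockedEmails), true)) {
        return sprintf('%s is blocked', $email);
    }

    // Individually allowed accounts (e.g. an outside contractor).
    if (in_array($email, $lower($allowedEmails), true)) {
        return null;
    }

    // Domain rule: compare the part after the last '@' against the allowed domains.
    $at     = strrpos($email, '@');
    $domain = $at === false ? '' : substr($email, $at + 1);
    if (in_array($domain, $lower($allowedDomains), true)) {
        return null;
    }

    return sprintf('%s is not on the allow-list', $email);
}

// Usage inside the /auth/callback route from the question, in place of the substr() test:
//
//   $reason = loginRejectionReason($user, ALLOWED_EMAILS, ALLOWED_DOMAINS, BLOCKED_EMAILS);
//   if ($reason === null) {
//       // set the session and write the UserLoggedinLog entry as before
//   } else {
//       // send the unauthorized-login mail as before, adding $reason to the body
//   }
```

The block-list is the part that answers the "staff member leaves" case: a domain-wide rule on its own keeps a leaver's address valid until the Google account is actually suspended, whereas an entry in the block-list takes effect on the next login attempt. Rejections still fall through to the existing notification mail, so nothing about the alerting changes.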