From 8489c171f30d6af8eb00f7e7bdb174aee581c1a4 Mon Sep 17 00:00:00 2001
From: Jan Prochazka <jan.prochazka@gmail.com>
Date: Sun, 27 Nov 2022 18:32:01 +0100
Subject: [PATCH] AD_ALLOWED_LOGINS support

---
 packages/api/src/controllers/auth.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/packages/api/src/controllers/auth.js b/packages/api/src/controllers/auth.js
index f435cee84..d3db8660c 100644
--- a/packages/api/src/controllers/auth.js
+++ b/packages/api/src/controllers/auth.js
@@ -108,6 +108,12 @@ module.exports = {
         if (!res) {
           return { error: 'Login failed' };
         }
+        if (
+          process.env.AD_ALLOWED_LOGINS &&
+          !process.env.AD_ALLOWED_LOGINS.split(',').find(x => x.toLowerCase().trim() == login.toLowerCase().trim())
+        ) {
+          return { error: `Username ${login} not allowed to log in` };
+        }        
         return {
           accessToken: jwt.sign({ login }, tokenSecret, { expiresIn: getTokenLifetime() }),
         };