Allow a list of verifiers to check if users are valid.

test_oauth/backend.py

@@ -4,11 +4,16 @@ from django.contrib.auth.backends import ModelBackend
 from django.conf import settings
 from django.db import transaction
 
-
+from test_oauth import verifiers
 from test_oauth.models import TESTOAuth2Data, Character
 from test_oauth.session import TESTOAuth2Session
 
 
+DEFAULT_VERIFIERS = [
+    verifiers.TESTMembershipVerifier()
+]
+
+
 class TESTOAuth2Backend(ModelBackend):
     def authenticate(self, token=None, **kwargs):
         if token is None:
@@ -16,6 +21,8 @@ class TESTOAuth2Backend(ModelBackend):
 
         profile = TESTOAuth2Session(token=token).profile
 
+        self.run_verifiers(profile)
+
         user, _ = get_user_model().objects.get_or_create(
             pk=profile['id'],
             username=profile['username']
@@ -44,6 +51,16 @@ class TESTOAuth2Backend(ModelBackend):
 
         return user
 
+    def run_verifiers(self, profile):
+        verifiers = getattr(
+            settings,
+            'TEST_OAUTH_VERIFIERS',
+            DEFAULT_VERIFIERS
+        )
+
+        for v in verifiers:
+            v(**profile)
+
     def get_user(self, user_id):
         UserModel = get_user_model()
 

test_oauth/verifiers.py

+from django.core.exceptions import PermissionDenied
+
+
+class Verifier(object):
+    def __init__(self, **kwargs):
+        for key, value in kwargs.items():
+            setattr(self, key, value)
+
+    def __call__(self, **kwargs):
+        if not self.valid(**kwargs):
+            raise PermissionDenied(self.message)
+
+
+class GroupMembershipVerifier(Verifier):
+    message = "You are not in the correct groups to log in to this site."
+
+    def valid(self, groups, **kwargs):
+        for g in groups:
+            if g['id'] == self.group:
+                return True
+
+        return False
+
+
+class TESTMembershipVerifier(GroupMembershipVerifier):
+    message = "You are not in TEST so you are not allowed to log in."
+    group = 6