Locking down access to your domain #34
Description
The new flex environment let's you restrict authentication to users within your domain, but it's now clear how that should work for apps like this that runs on the older version of App Engine, so I aded a few lines just inside SummaryPage and UserPage
user_email = self.request.get('u', _current_user_email())
# Reject all but domain users
user_domain = user_email.split('@')[-1]
app_settings = models.AppSettings.get()
if user_domain not in app_settings.domains:
self.redirect(users.create_logout_url('/'))
return