Remove @loreal.com domain restriction for SSO — Azure AD tenant is the gatekeeper

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Vadym Samoilenko 2026-03-10 20:08:02 +00:00
parent 3aef3c4080
commit 4be7f8742a


@ -129,7 +129,7 @@ async function ssoLogin(req, res) {
}
const email = (claims.preferred_username || claims.email || '').toLowerCase();
if (!isLorealEmail(email)) return res.status(403).json({ error: 'Only @loreal.com accounts are allowed.' });
// Azure AD tenant membership is already the gate — no domain restriction for SSO
const user = await db.upsertSsoUser({
email,