Fixes for Admin Login, @somaiya.edu validation, and Password Visibility

2026-01-14 02:47:28 +05:30
parent fe772067dd
commit a114719e00
9 changed files with 229 additions and 71 deletions
--- a/server/config/passport.js
+++ b/server/config/passport.js
@@ -13,6 +13,14 @@ passport.use(
    },
    async (accessToken, refreshToken, profile, done) => {
      try {
+        // Security: Check if the email is from Somaiya
+        // We only want somaiya students/faculty to access this
+        if (profile.emails[0].value.endsWith("@somaiya.edu") === false) {
+          return done(null, false, {
+            message: "Only @somaiya.edu emails are allowed",
+          });
+        }
+
        // Check if a user with the same email already exists
        let user = await User.findOne({ email: profile.emails[0].value });