From c236f7619f1787cbcbbad75af7ae7811ccff656d Mon Sep 17 00:00:00 2001
From: dankelleher
Date: Thu, 24 Sep 2020 18:38:05 +0200
Subject: [PATCH] Allow google group members on different domains
---
 authz/google.groups-lookup.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/authz/google.groups-lookup.js b/authz/google.groups-lookup.js
index 73ee0a0..25d7549 100644
--- a/authz/google.groups-lookup.js
+++ b/authz/google.groups-lookup.js
@@ -24,12 +24,12 @@ function isAuthorized(decoded, request, callback, unauthorized, internalServerEr
 .then(function(response) {
 for (var i = 0; i < googleAuthz.cloudfront_authz_groups.length; i++) {
 var authorization = response.data.token_type + ' ' + response.data.access_token;
- var membershipGet = 'https://www.googleapis.com/admin/directory/v1/groups/' + googleAuthz.cloudfront_authz_groups[i] + '/hasMember/' + decoded.sub;
+ var membershipGet = 'https://www.googleapis.com/admin/directory/v1/groups/' + googleAuthz.cloudfront_authz_groups[i] + '/members/' + decoded.sub;
 console.log(membershipGet + ': ' + authorization);
 axios.get(membershipGet, { headers: {'Authorization': authorization}})
 .then(function(response) {
 groupChecks++;
- if (!response.data.error && response.data.isMember == true && decoded.aud === request.headers.host[0].value && decoded.sub.endsWith(config.HOSTED_DOMAIN)) {
+ if (!response.data.error && response.data.status === 'ACTIVE' && decoded.aud === request.headers.host[0].value) {
 callback(null, request);
 } else if (groupChecks >= googleAuthz.cloudfront_authz_groups.length) {
 unauthorized('Unauthorized', 'User ' + decoded.sub + ' is not permitted.', '', callback);
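Review bot: The `console.log(membershipGet + ': ' + authorization);` line kept as context in this hunk writes the Directory API bearer token to the function's logs on every group check, so anyone with log read access can reuse it until it expires; log only the URL, `console.log(membershipGet);`. On the new `/members/` line, `decoded.sub` is concatenated into the path unencoded, and with the `HOSTED_DOMAIN` suffix check removed the group lookup is now the only gate, so I would build it with `encodeURIComponent(decoded.sub)`. The members endpoint presumably answers a non-member with an HTTP error rather than a body, in which case axios rejects and `groupChecks++` never runs; the rejection handler is outside this hunk, so confirm it still ends in `unauthorized(...)` rather than leaving the request without a response. `isAuthorized` starts before and continues past the hunk.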