Hi , I am writing a rule to block emails trying to access outside from a given IP list, but it is still allowing users to login .
here is the rule
function (user, context, callback) {
//Global blockedUsers
var blockedUsers = [ 'ops@xyz.com'];
//authorized IPs
var whitelistIPs = ['182.77.51.73','103.54.102.149', '182.77.60.237', '203.134.218.180','70.35.203.46','103.54.103.28','203.134.213.35'];
var userHasAccess = false;
if (blockedUsers.some(
function (email) {
return email === user.email;
}))
{
if ( whitelistIPs.some(
function (ip) {
return context.request.ip !== ip;
}))
{
return callback(new UnauthorizedError('Access denied from this IP address.'));
}
}
return callback(null, user, context);
}