Allow config for user domain restriction to remain in config.

  Avoid requiring deployment frameworks to add/remove config lines.
  Allow deployment to simply change config values to turn on/off feature.

Author: grosscol

bravo_api/__init__.py

@@ -98,7 +98,7 @@ def create_app(test_config=None):
     app.register_blueprint(auth_routes.bp, url_prefix='/ui')
 
     # Initialize User Management and Authorization Routes
-    if 'USER_DOMAIN_PERMITTED' in app.config:
+    if 'USER_DOMAIN_PERMITTED' in app.config and not app.config['USER_DOMAIN_PERMITTED'] == "":
         DomainUser.set_permitted_domain(app.config['USER_DOMAIN_PERMITTED'])
         app.user_mgmt = MongoUserMgmt(app.mmongo, DomainUser)
     else:

bravo_api/default_config.py

@@ -15,4 +15,5 @@
 GOOGLE_DISCOVERY_URL = "https://accounts.google.com/.well-known/openid-configuration"
 
 # Use the following key to only allow users from a single domain
+#  Leave undefined or "" to allow users to authenticate from all domains
 # USER_DOMAIN_PERMITTED = "example.com"