Compare commits


No commits in common. "940_assign_teams_via_authentik" and "main" have entirely different histories.

3 changed files with 6 additions and 146 deletions


@ -1095,28 +1095,6 @@ func (err ErrTeamDoesNotExist) HTTPError() web.HTTPError {
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."} return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
} }
type ErrTeamsDoNotExist struct {
Name string
}
// IsErrTeamDoNotExist checks if an error is ErrTeamDoesNotExist.
func IsErrTeamsDoNotExist(err error) bool {
_, ok := err.(ErrTeamsDoNotExist)
return ok
}
func (err ErrTeamsDoNotExist) Error() string {
return fmt.Sprintf("Team does not exist [Team Name: %v]", err.Name)
}
// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
const ErrCodeTeamsDoNotExist = 6002
// HTTPError holds the http error description
func (err ErrTeamsDoNotExist) HTTPError() web.HTTPError {
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No team with given name exists."}
}
// ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace // ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace
type ErrTeamAlreadyHasAccess struct { type ErrTeamAlreadyHasAccess struct {
TeamID int64 TeamID int64


@ -79,7 +79,7 @@ type TeamMember struct {
} }
// TableName makes beautiful table names // TableName makes beautiful table names
func (TeamMember) TableName() string { func (*TeamMember) TableName() string {
return "team_members" return "team_members"
} }
@ -119,34 +119,6 @@ func GetTeamByID(s *xorm.Session, id int64) (team *Team, err error) {
return return
} }
func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
if name == "" {
return teams, ErrTeamsDoNotExist{name}
}
var ts []*Team
exists := s.
Where("name = ?", name).
Find(&ts)
if exists != nil {
return
}
if len(ts) == 0 {
return ts, ErrTeamsDoNotExist{name}
}
// //for each ts
// teamSlice := []*Team{ts}
// err = addMoreInfoToTeams(s, teamSlice)
// if err != nil {
// return
// }
teams = ts
return
}
func addMoreInfoToTeams(s *xorm.Session, teams []*Team) (err error) { func addMoreInfoToTeams(s *xorm.Session, teams []*Team) (err error) {
@ -310,37 +282,6 @@ func (t *Team) Create(s *xorm.Session, a web.Auth) (err error) {
}) })
} }
func (t *Team) CreateNoAdmin(s *xorm.Session, a web.Auth) (err error) {
doer, err := user.GetFromAuth(a)
if err != nil {
return err
}
// Check if we have a name
if t.Name == "" {
return ErrTeamNameCannotBeEmpty{}
}
t.CreatedByID = doer.ID
t.CreatedBy = doer
_, err = s.Insert(t)
if err != nil {
return
}
// Insert the current user as member and admin
tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: false}
if err = tm.Create(s, doer); err != nil {
return err
}
return events.Dispatch(&TeamCreatedEvent{
Team: t,
Doer: a,
})
}
// Delete deletes a team // Delete deletes a team
// @Summary Deletes a team // @Summary Deletes a team
// @Description Delets a team. This will also remove the access for all users in that team. // @Description Delets a team. This will also remove the access for all users in that team.
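Review bot: Moving `TableName` to a pointer receiver (`func (*TeamMember) TableName() string`, first hunk of this section) drops the method from the method set of the `TeamMember` value type, so any code that hands a `TeamMember` by value to something checking for a `TableName() string` interface no longer satisfies it and silently falls back to the mapper-derived table name instead of `"team_members"` — there is no compile error to catch that. Whether that happens depends on the xorm version in use (newer releases resolve the name through an addressable copy, older ones do not), so it is worth confirming against the callers that pass a `TeamMember` value to `Find`/`Insert`, or keeping the receiver form consistent with the other model types, which are not visible here. If the pointer receiver is intended, make the contract explicit with a compile-time assertion next to the method: `var _ interface{ TableName() string } = (*TeamMember)(nil)`.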


@ -52,18 +52,16 @@ type Provider struct {
OriginalAuthURL string `json:"-"` OriginalAuthURL string `json:"-"`
AuthURL string `json:"auth_url"` AuthURL string `json:"auth_url"`
ClientID string `json:"client_id"` ClientID string `json:"client_id"`
Scope string `json:"scope"`
ClientSecret string `json:"-"` ClientSecret string `json:"-"`
openIDProvider *oidc.Provider openIDProvider *oidc.Provider
Oauth2Config *oauth2.Config `json:"-"` Oauth2Config *oauth2.Config `json:"-"`
} }
type claims struct { type claims struct {
Email string `json:"email"` Email string `json:"email"`
Name string `json:"name"` Name string `json:"name"`
PreferredUsername string `json:"preferred_username"` PreferredUsername string `json:"preferred_username"`
Nickname string `json:"nickname"` Nickname string `json:"nickname"`
Group []string `json:"groups"`
} }
func init() { func init() {
@ -190,79 +188,22 @@ func HandleCallback(c echo.Context) error {
// Check if we have seen this user before // Check if we have seen this user before
u, err := getOrCreateUser(s, cl, idToken.Issuer, idToken.Subject) u, err := getOrCreateUser(s, cl, idToken.Issuer, idToken.Subject)
log.Errorf("Issuer %s: %v", idToken.Issuer, err)
if err != nil { if err != nil {
_ = s.Rollback() _ = s.Rollback()
log.Errorf("Error creating new user for provider %s: %v", provider.Name, err) log.Errorf("Error creating new user for provider %s: %v", provider.Name, err)
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
// Check if we have seen this user before
teams, err := GetOrCreateTeamsByNames(s, cl.Group, u)
if err != nil {
log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
return err
} else {
for _, team := range teams {
tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
if err = tm.Create(s, u); err != nil {
switch t := err.(type) {
case *models.ErrUserIsMemberOfTeam:
log.Errorf("ErrUserIsMemberOfTeam", t)
break
default:
log.Errorf("Error assigning User to team", t)
}
}
}
}
err = s.Commit() err = s.Commit()
if err != nil { if err != nil {
return handler.HandleHTTPError(err, c) return handler.HandleHTTPError(err, c)
} }
// Create token // Create token
return auth.NewUserAuthTokenResponse(u, c, false) return auth.NewUserAuthTokenResponse(u, c, false)
} }
func GetOrCreateTeamsByNames(s *xorm.Session, teamNames []string, u *user.User) (te []models.Team, err error) {
te = []models.Team{}
for _, t := range teamNames {
team, err := models.GetTeamsByName(s, t)
if models.IsErrTeamsDoNotExist(err) {
log.Errorf("No such Team: %v, got %v", t, team, err)
tea := &models.Team{
Name: t,
}
err := tea.CreateNoAdmin(s, u)
if err != nil {
log.Errorf("Teams: %v, err: %v", tea, err)
} else {
te = append(te, *tea)
}
} else {
// if multiple teams with same name are found,
if len(team) == 1 {
te = append(te, *team[len(team)-1])
} else {
log.Errorf("Multiple Teams have the same name: %v, ", team[len(team)-1].Name)
}
}
}
return te, err
}
// assign user to team
// remove user from team if not in group
// if multiple teams found with same name -> do nothing
// optional: assign by id
//
func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *user.User, err error) { func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *user.User, err error) {
// Check if the user exists for that issuer and subject // Check if the user exists for that issuer and subject
u, err = user.GetUserWithEmail(s, &user.User{ u, err = user.GetUserWithEmail(s, &user.User{
Issuer: issuer, Issuer: issuer,