Compare commits
No commits in common. "940_assign_teams_via_authentik" and "main" have entirely different histories.
940_assign
...
main
3 changed files with 6 additions and 146 deletions
|
@ -1095,28 +1095,6 @@ func (err ErrTeamDoesNotExist) HTTPError() web.HTTPError {
|
||||||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
|
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
|
||||||
}
|
}
|
||||||
|
|
||||||
type ErrTeamsDoNotExist struct {
|
|
||||||
Name string
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsErrTeamDoNotExist checks if an error is ErrTeamDoesNotExist.
|
|
||||||
func IsErrTeamsDoNotExist(err error) bool {
|
|
||||||
_, ok := err.(ErrTeamsDoNotExist)
|
|
||||||
return ok
|
|
||||||
}
|
|
||||||
|
|
||||||
func (err ErrTeamsDoNotExist) Error() string {
|
|
||||||
return fmt.Sprintf("Team does not exist [Team Name: %v]", err.Name)
|
|
||||||
}
|
|
||||||
|
|
||||||
// ErrCodeTeamDoesNotExist holds the unique world-error code of this error
|
|
||||||
const ErrCodeTeamsDoNotExist = 6002
|
|
||||||
|
|
||||||
// HTTPError holds the http error description
|
|
||||||
func (err ErrTeamsDoNotExist) HTTPError() web.HTTPError {
|
|
||||||
return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "No team with given name exists."}
|
|
||||||
}
|
|
||||||
|
|
||||||
// ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace
|
// ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace
|
||||||
type ErrTeamAlreadyHasAccess struct {
|
type ErrTeamAlreadyHasAccess struct {
|
||||||
TeamID int64
|
TeamID int64
|
||||||
|
|
|
@ -79,7 +79,7 @@ type TeamMember struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// TableName makes beautiful table names
|
// TableName makes beautiful table names
|
||||||
func (TeamMember) TableName() string {
|
func (*TeamMember) TableName() string {
|
||||||
return "team_members"
|
return "team_members"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -119,34 +119,6 @@ func GetTeamByID(s *xorm.Session, id int64) (team *Team, err error) {
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
func GetTeamsByName(s *xorm.Session, name string) (teams []*Team, err error) {
|
|
||||||
if name == "" {
|
|
||||||
return teams, ErrTeamsDoNotExist{name}
|
|
||||||
}
|
|
||||||
|
|
||||||
var ts []*Team
|
|
||||||
|
|
||||||
exists := s.
|
|
||||||
Where("name = ?", name).
|
|
||||||
Find(&ts)
|
|
||||||
if exists != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
if len(ts) == 0 {
|
|
||||||
return ts, ErrTeamsDoNotExist{name}
|
|
||||||
}
|
|
||||||
|
|
||||||
// //for each ts
|
|
||||||
// teamSlice := []*Team{ts}
|
|
||||||
// err = addMoreInfoToTeams(s, teamSlice)
|
|
||||||
// if err != nil {
|
|
||||||
// return
|
|
||||||
// }
|
|
||||||
|
|
||||||
teams = ts
|
|
||||||
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
func addMoreInfoToTeams(s *xorm.Session, teams []*Team) (err error) {
|
func addMoreInfoToTeams(s *xorm.Session, teams []*Team) (err error) {
|
||||||
|
|
||||||
|
@ -310,37 +282,6 @@ func (t *Team) Create(s *xorm.Session, a web.Auth) (err error) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func (t *Team) CreateNoAdmin(s *xorm.Session, a web.Auth) (err error) {
|
|
||||||
doer, err := user.GetFromAuth(a)
|
|
||||||
if err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
// Check if we have a name
|
|
||||||
if t.Name == "" {
|
|
||||||
return ErrTeamNameCannotBeEmpty{}
|
|
||||||
}
|
|
||||||
|
|
||||||
t.CreatedByID = doer.ID
|
|
||||||
t.CreatedBy = doer
|
|
||||||
|
|
||||||
_, err = s.Insert(t)
|
|
||||||
if err != nil {
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Insert the current user as member and admin
|
|
||||||
tm := TeamMember{TeamID: t.ID, Username: doer.Username, Admin: false}
|
|
||||||
if err = tm.Create(s, doer); err != nil {
|
|
||||||
return err
|
|
||||||
}
|
|
||||||
|
|
||||||
return events.Dispatch(&TeamCreatedEvent{
|
|
||||||
Team: t,
|
|
||||||
Doer: a,
|
|
||||||
})
|
|
||||||
}
|
|
||||||
|
|
||||||
// Delete deletes a team
|
// Delete deletes a team
|
||||||
// @Summary Deletes a team
|
// @Summary Deletes a team
|
||||||
// @Description Delets a team. This will also remove the access for all users in that team.
|
// @Description Delets a team. This will also remove the access for all users in that team.
|
||||||
|
|
|
@ -52,18 +52,16 @@ type Provider struct {
|
||||||
OriginalAuthURL string `json:"-"`
|
OriginalAuthURL string `json:"-"`
|
||||||
AuthURL string `json:"auth_url"`
|
AuthURL string `json:"auth_url"`
|
||||||
ClientID string `json:"client_id"`
|
ClientID string `json:"client_id"`
|
||||||
Scope string `json:"scope"`
|
|
||||||
ClientSecret string `json:"-"`
|
ClientSecret string `json:"-"`
|
||||||
openIDProvider *oidc.Provider
|
openIDProvider *oidc.Provider
|
||||||
Oauth2Config *oauth2.Config `json:"-"`
|
Oauth2Config *oauth2.Config `json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type claims struct {
|
type claims struct {
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
Name string `json:"name"`
|
Name string `json:"name"`
|
||||||
PreferredUsername string `json:"preferred_username"`
|
PreferredUsername string `json:"preferred_username"`
|
||||||
Nickname string `json:"nickname"`
|
Nickname string `json:"nickname"`
|
||||||
Group []string `json:"groups"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
|
@ -190,79 +188,22 @@ func HandleCallback(c echo.Context) error {
|
||||||
|
|
||||||
// Check if we have seen this user before
|
// Check if we have seen this user before
|
||||||
u, err := getOrCreateUser(s, cl, idToken.Issuer, idToken.Subject)
|
u, err := getOrCreateUser(s, cl, idToken.Issuer, idToken.Subject)
|
||||||
|
|
||||||
log.Errorf("Issuer %s: %v", idToken.Issuer, err)
|
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
_ = s.Rollback()
|
_ = s.Rollback()
|
||||||
log.Errorf("Error creating new user for provider %s: %v", provider.Name, err)
|
log.Errorf("Error creating new user for provider %s: %v", provider.Name, err)
|
||||||
return handler.HandleHTTPError(err, c)
|
return handler.HandleHTTPError(err, c)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if we have seen this user before
|
|
||||||
teams, err := GetOrCreateTeamsByNames(s, cl.Group, u)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Error verifying team for name %v, got %v", cl.Name, teams, err)
|
|
||||||
return err
|
|
||||||
} else {
|
|
||||||
for _, team := range teams {
|
|
||||||
tm := models.TeamMember{TeamID: team.ID, Username: u.Username}
|
|
||||||
if err = tm.Create(s, u); err != nil {
|
|
||||||
switch t := err.(type) {
|
|
||||||
case *models.ErrUserIsMemberOfTeam:
|
|
||||||
log.Errorf("ErrUserIsMemberOfTeam", t)
|
|
||||||
break
|
|
||||||
default:
|
|
||||||
log.Errorf("Error assigning User to team", t)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
err = s.Commit()
|
err = s.Commit()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return handler.HandleHTTPError(err, c)
|
return handler.HandleHTTPError(err, c)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Create token
|
// Create token
|
||||||
return auth.NewUserAuthTokenResponse(u, c, false)
|
return auth.NewUserAuthTokenResponse(u, c, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func GetOrCreateTeamsByNames(s *xorm.Session, teamNames []string, u *user.User) (te []models.Team, err error) {
|
|
||||||
te = []models.Team{}
|
|
||||||
for _, t := range teamNames {
|
|
||||||
team, err := models.GetTeamsByName(s, t)
|
|
||||||
|
|
||||||
if models.IsErrTeamsDoNotExist(err) {
|
|
||||||
log.Errorf("No such Team: %v, got %v", t, team, err)
|
|
||||||
tea := &models.Team{
|
|
||||||
Name: t,
|
|
||||||
}
|
|
||||||
err := tea.CreateNoAdmin(s, u)
|
|
||||||
if err != nil {
|
|
||||||
log.Errorf("Teams: %v, err: %v", tea, err)
|
|
||||||
} else {
|
|
||||||
te = append(te, *tea)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// if multiple teams with same name are found,
|
|
||||||
if len(team) == 1 {
|
|
||||||
te = append(te, *team[len(team)-1])
|
|
||||||
} else {
|
|
||||||
log.Errorf("Multiple Teams have the same name: %v, ", team[len(team)-1].Name)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return te, err
|
|
||||||
}
|
|
||||||
|
|
||||||
// assign user to team
|
|
||||||
// remove user from team if not in group
|
|
||||||
// if multiple teams found with same name -> do nothing
|
|
||||||
// optional: assign by id
|
|
||||||
//
|
|
||||||
|
|
||||||
func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *user.User, err error) {
|
func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *user.User, err error) {
|
||||||
|
|
||||||
// Check if the user exists for that issuer and subject
|
// Check if the user exists for that issuer and subject
|
||||||
u, err = user.GetUserWithEmail(s, &user.User{
|
u, err = user.GetUserWithEmail(s, &user.User{
|
||||||
Issuer: issuer,
|
Issuer: issuer,
|
||||||
|
|
Loading…
Reference in a new issue