Skip to content

Commit

Permalink
fix: remove default group (#5956)
Browse files Browse the repository at this point in the history
sguiheux authored Oct 1, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 08ef0d8 commit a0b430b
Showing 3 changed files with 18 additions and 12 deletions.
11 changes: 6 additions & 5 deletions engine/api/api.go
Original file line number Diff line number Diff line change
@@ -93,11 +93,12 @@ type Configuration struct {
InsecureSkipVerifyTLS bool `toml:"insecureSkipVerifyTLS" json:"insecureSkipVerifyTLS" default:"false"`
} `toml:"internalServiceMesh" json:"internalServiceMesh"`
Auth struct {
TokenDefaultDuration int64 `toml:"tokenDefaultDuration" default:"30" comment:"The default duration of a token (in days)" json:"tokenDefaultDuration"`
TokenOverlapDefaultDuration string `toml:"tokenOverlapDefaultDuration" default:"24h" comment:"The default overlap duration when a token is regen" json:"tokenOverlapDefaultDuration"`
DefaultGroup string `toml:"defaultGroup" default:"" comment:"The default group is the group in which every new user will be granted at signup" json:"defaultGroup"`
RSAPrivateKey string `toml:"rsaPrivateKey" default:"" comment:"The RSA Private Key used to sign and verify the JWT Tokens issued by the API \nThis is mandatory." json:"-"`
LDAP struct {
TokenDefaultDuration int64 `toml:"tokenDefaultDuration" default:"30" comment:"The default duration of a token (in days)" json:"tokenDefaultDuration"`
TokenOverlapDefaultDuration string `toml:"tokenOverlapDefaultDuration" default:"24h" comment:"The default overlap duration when a token is regen" json:"tokenOverlapDefaultDuration"`
DefaultGroup string `toml:"defaultGroup" default:"" comment:"The default group is the group in which every new user will be granted at signup" json:"defaultGroup"`
DisableAddUserInDefaultGroup bool `toml:"disableAddUserInDefaultGroup" default:"false" comment:"If false, user are automatically added in the default group" json:"disableAddUserInDefaultGroup"`
RSAPrivateKey string `toml:"rsaPrivateKey" default:"" comment:"The RSA Private Key used to sign and verify the JWT Tokens issued by the API \nThis is mandatory." json:"-"`
LDAP struct {
Enabled bool `toml:"enabled" default:"false" json:"enabled"`
SignupDisabled bool `toml:"signupDisabled" default:"false" json:"signupDisabled"`
Host string `toml:"host" json:"host"`
13 changes: 8 additions & 5 deletions engine/api/auth.go
Original file line number Diff line number Diff line change
@@ -170,8 +170,10 @@ func (api *API) postAuthSigninHandler() service.Handler {
return err
}
}
if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil {
return err
if !api.Config.Auth.DisableAddUserInDefaultGroup {
if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil {
return err
}
}
} else {
// Check if a user already exists for external username
@@ -238,10 +240,11 @@ func (api *API) postAuthSigninHandler() service.Handler {
return err
}

if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil {
return err
if !api.Config.Auth.DisableAddUserInDefaultGroup {
if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil {
return err
}
}

signupDone = true
}
}
6 changes: 4 additions & 2 deletions engine/api/auth_local.go
Original file line number Diff line number Diff line change
@@ -319,8 +319,10 @@ func (api *API) postAuthLocalVerifyHandler() service.Handler {
return err
}

if err := group.CheckUserInDefaultGroup(ctx, tx, newUser.ID); err != nil {
return err
if !api.Config.Auth.DisableAddUserInDefaultGroup {
if err := group.CheckUserInDefaultGroup(ctx, tx, newUser.ID); err != nil {
return err
}
}

// Create new local consumer for new user, set this consumer as pending validation

0 comments on commit a0b430b

Please sign in to comment.