From a0b430bafb5bc959371b05b85fe46c9904bae2b9 Mon Sep 17 00:00:00 2001
From: Guiheux Steven
Date: Fri, 1 Oct 2021 15:36:19 +0200
Subject: [PATCH] fix: remove default group (#5956)
---
 engine/api/api.go | 11 ++++++-----
 engine/api/auth.go | 13 ++++++++-----
 engine/api/auth_local.go | 6 ++++--
 3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/engine/api/api.go b/engine/api/api.go
index 8b5946ba7b..62680f06b5 100644
--- a/engine/api/api.go
+++ b/engine/api/api.go
@@ -93,11 +93,12 @@ type Configuration struct {
 InsecureSkipVerifyTLS bool `toml:"insecureSkipVerifyTLS" json:"insecureSkipVerifyTLS" default:"false"`
 } `toml:"internalServiceMesh" json:"internalServiceMesh"`
 Auth struct {
- TokenDefaultDuration int64 `toml:"tokenDefaultDuration" default:"30" comment:"The default duration of a token (in days)" json:"tokenDefaultDuration"`
- TokenOverlapDefaultDuration string `toml:"tokenOverlapDefaultDuration" default:"24h" comment:"The default overlap duration when a token is regen" json:"tokenOverlapDefaultDuration"`
- DefaultGroup string `toml:"defaultGroup" default:"" comment:"The default group is the group in which every new user will be granted at signup" json:"defaultGroup"`
- RSAPrivateKey string `toml:"rsaPrivateKey" default:"" comment:"The RSA Private Key used to sign and verify the JWT Tokens issued by the API \nThis is mandatory." json:"-"`
- LDAP struct {
+ TokenDefaultDuration int64 `toml:"tokenDefaultDuration" default:"30" comment:"The default duration of a token (in days)" json:"tokenDefaultDuration"`
+ TokenOverlapDefaultDuration string `toml:"tokenOverlapDefaultDuration" default:"24h" comment:"The default overlap duration when a token is regen" json:"tokenOverlapDefaultDuration"`
+ DefaultGroup string `toml:"defaultGroup" default:"" comment:"The default group is the group in which every new user will be granted at signup" json:"defaultGroup"`
+ DisableAddUserInDefaultGroup bool `toml:"disableAddUserInDefaultGroup" default:"false" comment:"If false, user are automatically added in the default group" json:"disableAddUserInDefaultGroup"`
+ RSAPrivateKey string `toml:"rsaPrivateKey" default:"" comment:"The RSA Private Key used to sign and verify the JWT Tokens issued by the API \nThis is mandatory." json:"-"`
+ LDAP struct {
 Enabled bool `toml:"enabled" default:"false" json:"enabled"`
 SignupDisabled bool `toml:"signupDisabled" default:"false" json:"signupDisabled"`
 Host string `toml:"host" json:"host"`
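Review bot: The `comment` tag on the new `DisableAddUserInDefaultGroup` field documents only the `false` case and leaves the effect of enabling the flag implicit. With `default:"false"` every new user still receives the `DefaultGroup` permissions automatically, so an operator who wants least-privilege signups has to opt in. I would word the tag from the enabled side, `comment:"If true, users are not added to the default group automatically"`, and have it state whether memberships granted earlier are affected; the guarded call sites in this patch only skip the add, and no removal is visible here. The Configuration struct starts and ends outside the hunk.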
diff --git a/engine/api/auth.go b/engine/api/auth.go index c82380b34c..554fa9736b 100644 --- a/engine/api/auth.go +++ b/engine/api/auth.go @@ -170,8 +170,10 @@ func (api *API) postAuthSigninHandler() service.Handler { return err } } - if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil { - return err + if !api.Config.Auth.DisableAddUserInDefaultGroup { + if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil { + return err + } } } else { // Check if a user already exists for external username @@ -238,10 +240,11 @@ func (api *API) postAuthSigninHandler() service.Handler { return err } - if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil { - return err + if !api.Config.Auth.DisableAddUserInDefaultGroup { + if err := group.CheckUserInDefaultGroup(ctx, tx, u.ID); err != nil { + return err + } } - signupDone = true } } diff --git a/engine/api/auth_local.go b/engine/api/auth_local.go index 59c0c433fe..35efd0d4b1 100644 --- a/engine/api/auth_local.go +++ b/engine/api/auth_local.go @@ -319,8 +319,10 @@ func (api *API) postAuthLocalVerifyHandler() service.Handler { return err } - if err := group.CheckUserInDefaultGroup(ctx, tx, newUser.ID); err != nil { - return err + if !api.Config.Auth.DisableAddUserInDefaultGroup { + if err := group.CheckUserInDefaultGroup(ctx, tx, newUser.ID); err != nil { + return err + } } // Create new local consumer for new user, set this consumer as pending validation
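Review bot: The same three-line guard around `group.CheckUserInDefaultGroup` is repeated at both call sites in `postAuthSigninHandler` (hunks at -170 and -238) and again in `postAuthLocalVerifyHandler` in auth_local.go, so the setting holds only as long as every caller remembers to test it. Any caller of `group.CheckUserInDefaultGroup` outside this diff, if one exists, would still add the user to the default group with the flag enabled. Moving the check into one small helper on `*API`, which returns nil when `api.Config.Auth.DisableAddUserInDefaultGroup` is true and otherwise delegates, would reduce each call site to `if err := api.addUserInDefaultGroup(ctx, tx, u.ID); err != nil { return err }` (the helper name is only a suggestion). A test that signs a user up with the flag enabled and asserts no default-group membership would pin the behaviour. Both handler bodies start and end outside the hunks.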