Auth: Add development manual override (#55496)

* Auth: Add development manual override * rename to disable_sync_lock
2025-01-09 23:53:25 -06:00 · 2022-09-20 17:48:40 +02:00 · 2022-09-20 17:48:40 +02:00 · 006944a360
commit 006944a360
parent 0e6a8cc6ac
4 changed files with 10 additions and 3 deletions
--- a/packages/grafana-data/src/types/config.ts
+++ b/packages/grafana-data/src/types/config.ts
@ -220,4 +220,5 @@ export interface GrafanaConfig {
 export interface AuthSettings {
  OAuthSkipOrgRoleUpdateSync?: boolean;
  SAMLSkipOrgRoleSync?: boolean;
+  DisableSyncLock?: boolean;
 }
--- a/pkg/api/frontendsettings.go
+++ b/pkg/api/frontendsettings.go
@ -140,6 +140,7 @@ func (hs *HTTPServer) getFrontendSettingsMap(c *models.ReqContext) (map[string]i
 		"auth": map[string]interface{}{
 			"OAuthSkipOrgRoleUpdateSync": hs.Cfg.OAuthSkipOrgRoleUpdateSync,
 			"SAMLSkipOrgRoleSync":        hs.Cfg.SectionWithEnvOverrides("auth.saml").Key("skip_org_role_sync").MustBool(false),
+			"DisableSyncLock":            hs.Cfg.DisableSyncLock,
 		},
 		"buildInfo": map[string]interface{}{
 			"hideVersion":   hideVersion,
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -295,6 +295,7 @@ type Cfg struct {
 	AdminUser                    string
 	AdminPassword                string
 	AdminEmail                   string
+	DisableSyncLock              bool

 	// AWS Plugin Auth
 	AWSAllowedAuthProviders []string
@ -1288,6 +1289,9 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
 		cfg.TokenRotationIntervalMinutes = 2
 	}

+	// Debug setting unlocking frontend auth sync lock. Users will still be reset on their next login.
+	cfg.DisableSyncLock = auth.Key("disable_sync_lock").MustBool(false)
+
 	DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
 	DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
 	OAuthAutoLogin = auth.Key("oauth_auto_login").MustBool(false)
--- a/public/app/features/admin/UserAdminPage.tsx
+++ b/public/app/features/admin/UserAdminPage.tsx
@ -112,9 +112,10 @@ export class UserAdminPage extends PureComponent<Props> {
      user?.isExternal && user?.authLabels?.some((r) => SyncedOAuthLabels.includes(r));
    const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
    const isUserSynced =
-      (user?.isExternal && !(isOAuthUserWithSkippableSync || isSAMLUser)) ||
-      (!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
-      (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser);
+      !config.auth.DisableSyncLock &&
+      ((user?.isExternal && !(isOAuthUserWithSkippableSync || isSAMLUser)) ||
+        (!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
+        (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser));

    const pageNav: NavModelItem = {
      text: user?.login ?? '',