Oauth: Assign role from GF_USERS_AUTO_ASSIGN_ORG_ROLE for Azure AD Oauth (#34838)

* 30555:Assign correct role with environment variable GF_USERS_AUTO_ASSIGN_ORG_ROLE

* 30555:Remove unused condition
idafurjes 2021-05-28 16:14:30 +02:00 committed by GitHub
parent ad6648b649
commit 48f6d6f7e6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 8 deletions


@ -7,6 +7,7 @@ import (
"strings" "strings"
"github.com/grafana/grafana/pkg/models" "github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util/errutil" "github.com/grafana/grafana/pkg/util/errutil"
"golang.org/x/oauth2" "golang.org/x/oauth2"
@ -97,7 +98,7 @@ func extractEmail(claims azureClaims) string {
func extractRole(claims azureClaims) models.RoleType { func extractRole(claims azureClaims) models.RoleType {
if len(claims.Roles) == 0 { if len(claims.Roles) == 0 {
return models.ROLE_VIEWER return models.RoleType(setting.AutoAssignOrgRole)
} }
roleOrder := []models.RoleType{ roleOrder := []models.RoleType{
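Review bot: The new return line in extractRole, `return models.RoleType(setting.AutoAssignOrgRole)`, converts the configured string without any validation, so an empty or misspelled auto-assign setting now produces an invalid RoleType where the old code always fell back to Viewer. If RoleType still has its IsValid method in the models package, a guarded fallback keeps the previous safety net: `if role := models.RoleType(setting.AutoAssignOrgRole); role.IsValid() { return role }` followed by `return models.ROLE_VIEWER`. A short comment above the branch would also make the privilege implication explicit, e.g. `// Token carries no app roles: fall back to the instance-wide auto-assign role, which may grant more than Viewer.` extractRole's body (the roleOrder walk) continues past the hunk.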


@ -6,6 +6,7 @@ import (
"testing" "testing"
"time" "time"
"github.com/grafana/grafana/pkg/setting"
"golang.org/x/oauth2" "golang.org/x/oauth2"
"gopkg.in/square/go-jose.v2" "gopkg.in/square/go-jose.v2"
"gopkg.in/square/go-jose.v2/jwt" "gopkg.in/square/go-jose.v2/jwt"
@ -21,12 +22,13 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
} }
tests := []struct { tests := []struct {
name string name string
fields fields fields fields
claims *azureClaims claims *azureClaims
args args args args
want *BasicUserInfo settingAutoAssignOrgRole string
wantErr bool want *BasicUserInfo
wantErr bool
}{ }{
{ {
name: "Email in email claim", name: "Email in email claim",
@ -37,6 +39,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
Name: "My Name", Name: "My Name",
ID: "1234", ID: "1234",
}, },
settingAutoAssignOrgRole: "Viewer",
want: &BasicUserInfo{ want: &BasicUserInfo{
Id: "1234", Id: "1234",
Name: "My Name", Name: "My Name",
@ -74,6 +77,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
Name: "My Name", Name: "My Name",
ID: "1234", ID: "1234",
}, },
settingAutoAssignOrgRole: "Viewer",
want: &BasicUserInfo{ want: &BasicUserInfo{
Id: "1234", Id: "1234",
Name: "My Name", Name: "My Name",
@ -141,7 +145,26 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
Groups: []string{}, Groups: []string{},
}, },
}, },
{
name: "role from env variable",
claims: &azureClaims{
Email: "me@example.com",
PreferredUsername: "",
Roles: []string{},
Name: "My Name",
ID: "1234",
},
settingAutoAssignOrgRole: "Editor",
want: &BasicUserInfo{
Id: "1234",
Name: "My Name",
Email: "me@example.com",
Login: "me@example.com",
Company: "",
Role: "Editor",
Groups: []string{},
},
},
{ {
name: "Editor role", name: "Editor role",
claims: &azureClaims{ claims: &azureClaims{
@ -209,6 +232,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
Name: "My Name", Name: "My Name",
ID: "1234", ID: "1234",
}, },
settingAutoAssignOrgRole: "Viewer",
want: &BasicUserInfo{ want: &BasicUserInfo{
Id: "1234", Id: "1234",
Name: "My Name", Name: "My Name",
@ -258,6 +282,8 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
token = token.WithExtra(map[string]interface{}{"id_token": raw}) token = token.WithExtra(map[string]interface{}{"id_token": raw})
} }
setting.AutoAssignOrgRole = tt.settingAutoAssignOrgRole
got, err := s.UserInfo(tt.args.client, token) got, err := s.UserInfo(tt.args.client, token)
if (err != nil) != tt.wantErr { if (err != nil) != tt.wantErr {
t.Errorf("UserInfo() error = %v, wantErr %v", err, tt.wantErr) t.Errorf("UserInfo() error = %v, wantErr %v", err, tt.wantErr)
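Review bot: The assignment `setting.AutoAssignOrgRole = tt.settingAutoAssignOrgRole` in the last hunk writes package-level global state and never restores it, so the final table entry's value leaks into every later test in this package and the test can no longer be run with t.Parallel. Capturing and restoring the previous value around the assignment, `prev := setting.AutoAssignOrgRole`, `t.Cleanup(func() { setting.AutoAssignOrgRole = prev })`, `setting.AutoAssignOrgRole = tt.settingAutoAssignOrgRole`, confines the mutation to this test (use the subtest's t if the loop body runs inside t.Run, which is outside the hunk). The new "role from env variable" case covers the Editor path but not an empty or unrecognised setting value, which is the case most likely to surface a surprising role, so one more table entry for that input would pin the intended fallback. The enclosing loop and TestSocialAzureAD_UserInfo start and end outside the visible hunks.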