IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Auth: Log a warning on unparsable team ids for GitHub OAuth (#79261)

Browse Source 
* Log warn if team ids are not integers

* Remove comment
This commit is contained in:
Misi 2023-12-08 17:00:09 +01:00 committed by GitHub
parent a35146f7ed
commit 566bed6ea1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md
View File

@ -79,7 +79,7 @@ The table below describes all GitHub OAuth configuration options. Like any other
| `skip_org_role_sync` | No | Set to `true` to stop automatically syncing user roles. | `false` |
| `allowed_organizations` | No | List of comma- or space-separated organizations. User must be a member of at least one organization to log in. | |
| `allowed_domains` | No | List of comma- or space-separated domains. User must belong to at least one domain to log in. | |
| `team_ids` | No | String list of team IDs. If set, user has to be a member of one of the given teams to log in. | |
| `team_ids` | No | Integer list of team IDs. If set, user has to be a member of one of the given teams to log in. | |
| `tls_skip_verify_insecure` | No | If set to `true`, the client accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks. | `false` |
| `tls_client_cert` | No | The path to the certificate. | |
| `tls_client_key` | No | The path to the key. | |

8
pkg/login/social/connectors/github_oauth.go
View File

@ -56,7 +56,8 @@ var (
)
func NewGitHubProvider(info *social.OAuthInfo, cfg *setting.Cfg, ssoSettings ssosettings.Service, features *featuremgmt.FeatureManager) *SocialGithub {
teamIds := mustInts(util.SplitString(info.Extra[teamIdsKey]))
teamIdsSplitted := util.SplitString(info.Extra[teamIdsKey])
teamIds := mustInts(teamIdsSplitted)
config := createOAuthConfig(info, cfg, social.GitHubProviderName)
provider := &SocialGithub{
@ -69,6 +70,10 @@ func NewGitHubProvider(info *social.OAuthInfo, cfg *setting.Cfg, ssoSettings sso
// skipOrgRoleSync: info.SkipOrgRoleSync
}
if len(teamIdsSplitted) != len(teamIds) {
provider.log.Warn("Failed to parse team ids. Team ids must be a list of numbers.", "teamIds", teamIdsSplitted)
}
if features.IsEnabledGlobally(featuremgmt.FlagSsoSettingsApi) {
ssoSettings.RegisterReloadable(social.GitHubProviderName, provider)
}
@ -342,7 +347,6 @@ func mustInts(s []string) []int {
for _, v := range s {
num, err := strconv.Atoi(v)
if err != nil {
// TODO: add log here
return []int{}
}
result = append(result, num)