Auth: Surface organization membership error (#71750)

surface organization membership error
Jo
2023-07-17 16:35:59 +02:00
parent 24eef7a3d2
commit 914e0bf87e
3 changed files with 33 additions and 6 deletions


@@ -427,10 +427,26 @@ func getLoginExternalError(err error) string {
return createTokenErr.ExternalErr return createTokenErr.ExternalErr
} }
// unwrap until we get to the error message
gfErr := &errutil.Error{} gfErr := &errutil.Error{}
if errors.As(err, gfErr) { if errors.As(err, gfErr) {
return gfErr.Public().Message return getFirstPublicErrorMessage(gfErr)
} }
return err.Error() return err.Error()
} }
// Get the first public error message from an error chain.
func getFirstPublicErrorMessage(err *errutil.Error) string {
errPublic := err.Public()
if err.PublicMessage != "" {
return errPublic.Message
}
underlyingErr := &errutil.Error{}
if err.Underlying != nil && errors.As(err.Underlying, underlyingErr) {
return getFirstPublicErrorMessage(underlyingErr)
}
return errPublic.Message
}
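Review bot: The fallback on L34 returns the outermost error's `Public().Message` when no `errutil.Error` in the chain sets `PublicMessage`, and what `Public()` substitutes in that case is not visible here; since this string is rendered on the login page, confirm it never degrades to the internal log message for errors with an unknown status. The helper's comment on L24 should follow Go doc convention and start with the name, e.g. `// getFirstPublicErrorMessage walks the Underlying chain of errutil errors and returns the first explicitly set PublicMessage, falling back to the outermost error's public message.` Minor: `errPublic := err.Public()` on L26 is computed on every recursion level and discarded whenever the recursive branch is taken; it can move below the recursion. The enclosing `getLoginExternalError` starts before this hunk.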

View File

@@ -12,6 +12,7 @@ import (
"golang.org/x/oauth2" "golang.org/x/oauth2"
"github.com/grafana/grafana/pkg/models/roletype" "github.com/grafana/grafana/pkg/models/roletype"
"github.com/grafana/grafana/pkg/util/errutil"
) )
type SocialGithub struct { type SocialGithub struct {
@@ -32,8 +33,14 @@ type GithubTeam struct {
} }
var ( var (
ErrMissingTeamMembership = Error{"user not a member of one of the required teams"} ErrMissingTeamMembership = errutil.NewBase(errutil.StatusUnauthorized,
ErrMissingOrganizationMembership = Error{"user not a member of one of the required organizations"} "auth.missing_team",
errutil.WithPublicMessage(
"User is not a member of one of the required teams. Please contact identity provider administrator."))
ErrMissingOrganizationMembership = errutil.NewBase(errutil.StatusUnauthorized,
"auth.missing_organization",
errutil.WithPublicMessage(
"User is not a member of one of the required organizations. Please contact identity provider administrator."))
) )
func (s *SocialGithub) IsTeamMember(ctx context.Context, client *http.Client) bool { func (s *SocialGithub) IsTeamMember(ctx context.Context, client *http.Client) bool {
@@ -243,11 +250,13 @@ func (s *SocialGithub) UserInfo(ctx context.Context, client *http.Client, token
organizationsUrl := fmt.Sprintf(s.apiUrl + "/orgs?per_page=100") organizationsUrl := fmt.Sprintf(s.apiUrl + "/orgs?per_page=100")
if !s.IsTeamMember(ctx, client) { if !s.IsTeamMember(ctx, client) {
return nil, ErrMissingTeamMembership return nil, ErrMissingTeamMembership.Errorf("User is not a member of any of the allowed teams: %v", s.teamIds)
} }
if !s.IsOrganizationMember(ctx, client, organizationsUrl) { if !s.IsOrganizationMember(ctx, client, organizationsUrl) {
return nil, ErrMissingOrganizationMembership return nil, ErrMissingOrganizationMembership.Errorf(
"User is not a member of any of the allowed organizations: %v",
s.allowedOrganizations)
} }
if userInfo.Email == "" { if userInfo.Email == "" {
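Review bot: Both new bases on L48 and L52 use `errutil.StatusUnauthorized`, yet by the time `UserInfo` reaches these checks the user has already authenticated with GitHub and is being rejected by an allow-list (teams/organizations), which is an authorization failure rather than a missing-credential one; if errutil provides a forbidden status, `errutil.NewBase(errutil.StatusForbidden, "auth.missing_team", ...)` states that more accurately and avoids callers treating it as a retry-with-credentials hint. The two exported sentinels also lack Go doc comments, e.g. `// ErrMissingTeamMembership is returned by UserInfo when the GitHub user belongs to none of the configured team IDs.` The log messages on L61 and L64–L66 interpolate `s.teamIds` and `s.allowedOrganizations`, which are operator configuration rather than user-supplied data, so logging them is acceptable while the public messages stay generic. UserInfo's body continues outside this hunk.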

View File

@@ -79,7 +79,9 @@ func (s *SocialGrafanaCom) UserInfo(ctx context.Context, client *http.Client, _
} }
if !s.IsOrganizationMember(data.Orgs) { if !s.IsOrganizationMember(data.Orgs) {
return nil, ErrMissingOrganizationMembership return nil, ErrMissingOrganizationMembership.Errorf(
"User is not a member of any of the allowed organizations: %v. Returned Organizations: %v",
s.allowedOrganizations, data.Orgs)
} }
return userInfo, nil return userInfo, nil
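Review bot: The log message on L76–L77 formats `data.Orgs`, a value returned by the grafana.com identity provider for this user, with `%v`; as IdP-supplied data it should use `%q` so any newline or control characters in an org name are escaped instead of being able to split or forge log lines, e.g. `"User is not a member of any of the allowed organizations: %v. Returned Organizations: %q"`. This also writes the user's complete org membership list to the server log on every rejected login, which is useful for diagnosing an allow-list misconfiguration but is identity data and deserves a conscious decision. The enclosing `UserInfo` starts before this hunk.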