Auth: Refactoring of frontend skipOrgRoleSync logic to backend (#62921)

* WIP * refactor: add function in login for externSynced * refactor: make function to make ExternalSyncedInfo - adds tests - refactors strings into consts * remove: console.log * remove: unnessecary comment * added exhaustive tests * refactor: labelname * removed unused code * missspelling * refactor: based on review comments * add: comment to functions about authinfo behavior * Update pkg/services/login/authinfo.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * Update pkg/services/login/authinfo.go Co-authored-by: Ieva <ieva.vasiljeva@grafana.com> * fix: tests --------- Co-authored-by: Ieva <ieva.vasiljeva@grafana.com>
2025-02-25 18:55:37 -06:00 · 2023-02-08 20:11:46 +00:00
parent b405874166
commit 91b5337600
9 changed files with 319 additions and 77 deletions
--- a/public/app/features/admin/UserAdminPage.tsx
+++ b/public/app/features/admin/UserAdminPage.tsx
@@ -104,45 +104,9 @@ export class UserAdminPage extends PureComponent<Props> {
  render() {
    const { user, orgs, sessions, ldapSyncInfo, isLoading } = this.props;
    const isLDAPUser = user?.isExternal && user?.authLabels?.includes('LDAP');
-    const isJWTUser = user?.authLabels?.includes('JWT');
    const canReadSessions = contextSrv.hasPermission(AccessControlAction.UsersAuthTokenList);
    const canReadLDAPStatus = contextSrv.hasPermission(AccessControlAction.LDAPStatusRead);
-    const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
-    const isGoogleUser = user?.isExternal && user?.authLabels?.includes('Google');
-    const isGithubUser = user?.isExternal && user?.authLabels?.includes('GitHub');
-    const isGitLabUser = user?.isExternal && user?.authLabels?.includes('GitLab');
-    const isAuthProxyUser = user?.isExternal && user?.authLabels?.includes('Auth Proxy');
-    const isAzureADUser = user?.isExternal && user?.authLabels?.includes('AzureAD');
-    const isOktaUser = user?.isExternal && user?.authLabels?.includes('Okta');
-    const isGrafanaComUser = user?.isExternal && user?.authLabels?.includes('grafana.com');
-    const isGenericOAuthUser = user?.isExternal && user?.authLabels?.includes('Generic OAuth');
-    const isUserSynced =
-      !config.auth.DisableSyncLock &&
-      ((user?.isExternal &&
-        !(
-          isAuthProxyUser ||
-          isGoogleUser ||
-          isGitLabUser ||
-          isGenericOAuthUser ||
-          isSAMLUser ||
-          isOktaUser ||
-          isLDAPUser ||
-          isGithubUser ||
-          isAzureADUser ||
-          isJWTUser ||
-          isGrafanaComUser
-        )) ||
-        (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser) ||
-        (!config.auth.LDAPSkipOrgRoleSync && isLDAPUser) ||
-        (!config.auth.JWTAuthSkipOrgRoleSync && isJWTUser) ||
-        // both OAuthSkipOrgRoleUpdateSync and specific provider settings needs to be false for a user to be synced
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GrafanaComSkipOrgRoleSync && isGrafanaComUser) ||
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.OktaSkipOrgRoleSync && isOktaUser) ||
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GithubSkipOrgRoleSync && isGithubUser) ||
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.AzureADSkipOrgRoleSync && isAzureADUser) ||
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GitLabSkipOrgRoleSync && isGitLabUser) ||
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GenericOAuthSkipOrgRoleSync && isGenericOAuthUser) ||
-        (!config.auth.OAuthSkipOrgRoleUpdateSync && !config.auth.GoogleSkipOrgRoleSync && isGoogleUser));
+    const isUserSynced = !config.auth.DisableSyncLock && user?.isExternallySynced;

    const pageNav: NavModelItem = {
      text: user?.login ?? '',
@@ -164,13 +128,9 @@ export class UserAdminPage extends PureComponent<Props> {
                onUserEnable={this.onUserEnable}
                onPasswordChange={this.onPasswordChange}
              />
-              {!config.auth.LDAPSkipOrgRoleSync &&
-                isLDAPUser &&
-                featureEnabled('ldapsync') &&
-                ldapSyncInfo &&
-                canReadLDAPStatus && (
-                  <UserLdapSyncInfo ldapSyncInfo={ldapSyncInfo} user={user} onUserSync={this.onUserSync} />
-                )}
+              {isLDAPUser && isUserSynced && featureEnabled('ldapsync') && ldapSyncInfo && canReadLDAPStatus && (
+                <UserLdapSyncInfo ldapSyncInfo={ldapSyncInfo} user={user} onUserSync={this.onUserSync} />
+              )}
              <UserPermissions isGrafanaAdmin={user.isGrafanaAdmin} onGrafanaAdminChange={this.onGrafanaAdminChange} />
            </>
          )}
--- a/public/app/types/user.ts
+++ b/public/app/types/user.ts
@@ -46,6 +46,7 @@ export interface UserDTO extends WithAccessControlMetadata {
  permissions?: string[];
  teams?: Unit[];
  orgs?: Unit[];
+  isExternallySynced?: boolean;
 }

 export interface Invitee {