Merge pull request #1800 from alienth/allowsignup

Add allow_sign_up setting for auth.google/github.
2024-11-28 03:34:15 -06:00 · 2015-04-19 09:16:48 +02:00 · 2015-04-19 09:16:48 +02:00 · aa8beda4ec
commit aa8beda4ec
parent 7178dcad35 ddaac50a25
5 changed files with 26 additions and 3 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -143,6 +143,7 @@ auth_url = https://github.com/login/oauth/authorize
 token_url = https://github.com/login/oauth/access_token
 api_url = https://api.github.com/user
 allowed_domains =
+allow_sign_up = false

 #################################### Google Auth ##########################
 [auth.google]
@ -154,6 +155,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth
 token_url = https://accounts.google.com/o/oauth2/token
 api_url = https://www.googleapis.com/oauth2/v1/userinfo
 allowed_domains =
+allow_sign_up = false

 #################################### Logging ##########################
 [log]
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@ -181,10 +181,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
    scopes = user:email
    auth_url = https://github.com/login/oauth/authorize
    token_url = https://github.com/login/oauth/access_token
+    allow_sign_up = false

 Restart the grafana backend. You should now see a github login button on the login page. You can
 now login or signup with your github accounts.

+You may allow users to sign-up via github auth by setting allow_sign_up to true. When this option is
+set to true, any user successfully authenticating via github auth will be automatically signed up.
+
 ## [auth.google]
 You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project).
 When you create the project you will need to specify a callback URL. Specify this as callback:
@ -203,10 +207,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
    auth_url = https://accounts.google.com/o/oauth2/auth
    token_url = https://accounts.google.com/o/oauth2/token
    allowed_domains = mycompany.com
+    allow_sign_up = false

 Restart the grafana backend. You should now see a google login button on the login page. You can
 now login or signup with your google accounts. `allowed_domains` option is optional.

+You may allow users to sign-up via google auth by setting allow_sign_up to true. When this option is
+set to true, any user successfully authenticating via google auth will be automatically signed up.
+
 <hr>
 ## [session]

--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@ -63,7 +63,7 @@ func OAuthLogin(ctx *middleware.Context) {

 	// create account if missing
 	if err == m.ErrUserNotFound {
-		if !setting.AllowUserSignUp {
+		if !connect.IsSignupAllowed() {
 			ctx.Redirect(setting.AppSubUrl + "/login")
 			return
 		}
--- a/pkg/setting/setting_oauth.go
+++ b/pkg/setting/setting_oauth.go
@ -7,6 +7,7 @@ type OAuthInfo struct {
 	Enabled                bool
 	AllowedDomains         []string
 	ApiUrl                 string
+	AllowSignup            bool
 }

 type OAuther struct {
--- a/pkg/social/social.go
+++ b/pkg/social/social.go
@ -25,6 +25,7 @@ type SocialConnector interface {
 	Type() int
 	UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
 	IsEmailAllowed(email string) bool
+	IsSignupAllowed() bool

 	AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
 	Exchange(ctx context.Context, code string) (*oauth2.Token, error)
@ -52,6 +53,7 @@ func NewOAuthService() {
 			ApiUrl:         sec.Key("api_url").String(),
 			Enabled:        sec.Key("enabled").MustBool(),
 			AllowedDomains: sec.Key("allowed_domains").Strings(" "),
+			AllowSignup:    sec.Key("allow_sign_up").MustBool(),
 		}

 		if !info.Enabled {
@ -73,13 +75,13 @@ func NewOAuthService() {
 		// GitHub.
 		if name == "github" {
 			setting.OAuthService.GitHub = true
-			SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
+			SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
 		}

 		// Google.
 		if name == "google" {
 			setting.OAuthService.Google = true
-			SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
+			SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
 		}
 	}
 }
@ -102,6 +104,7 @@ type SocialGithub struct {
 	*oauth2.Config
 	allowedDomains []string
 	ApiUrl         string
+	allowSignup    bool
 }

 func (s *SocialGithub) Type() int {
@ -112,6 +115,10 @@ func (s *SocialGithub) IsEmailAllowed(email string) bool {
 	return isEmailAllowed(email, s.allowedDomains)
 }

+func (s *SocialGithub) IsSignupAllowed() bool {
+	return s.allowSignup
+}
+
 func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
 	var data struct {
 		Id    int    `json:"id"`
@ -150,6 +157,7 @@ type SocialGoogle struct {
 	*oauth2.Config
 	allowedDomains []string
 	ApiUrl         string
+	allowSignup    bool
 }

 func (s *SocialGoogle) Type() int {
@ -160,6 +168,10 @@ func (s *SocialGoogle) IsEmailAllowed(email string) bool {
 	return isEmailAllowed(email, s.allowedDomains)
 }

+func (s *SocialGoogle) IsSignupAllowed() bool {
+	return s.allowSignup
+}
+
 func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
 	var data struct {
 		Id    string `json:"id"`