Add allow_sign_up override for auth.google/github.

This commit is contained in:
Jason Harvey 2015-04-09 17:15:19 -08:00
parent a446286869
commit ddaac50a25
5 changed files with 26 additions and 3 deletions

View File

@ -143,6 +143,7 @@ auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token
api_url = https://api.github.com/user
allowed_domains =
allow_sign_up = false
#################################### Google Auth ##########################
[auth.google]
@ -154,6 +155,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token
api_url = https://www.googleapis.com/oauth2/v1/userinfo
allowed_domains =
allow_sign_up = false
#################################### Logging ##########################
[log]

View File

@ -181,10 +181,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
scopes = user:email
auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token
allow_sign_up = false
Restart the grafana backend. You should now see a github login button on the login page. You can
now login or signup with your github accounts.
You may allow users to sign-up via github auth by setting allow_sign_up to true. When this option is
set to true, any user successfully authenticating via github auth will be automatically signed up.
## [auth.google]
You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project).
When you create the project you will need to specify a callback URL. Specify this as callback:
@ -203,10 +207,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token
allowed_domains = mycompany.com
allow_sign_up = false
Restart the grafana backend. You should now see a google login button on the login page. You can
now login or signup with your google accounts. `allowed_domains` option is optional.
You may allow users to sign-up via google auth by setting allow_sign_up to true. When this option is
set to true, any user successfully authenticating via google auth will be automatically signed up.
<hr>
## [session]

View File

@ -63,7 +63,7 @@ func OAuthLogin(ctx *middleware.Context) {
// create account if missing
if err == m.ErrUserNotFound {
if !setting.AllowUserSignUp {
if !connect.IsSignupAllowed() {
ctx.Redirect(setting.AppSubUrl + "/login")
return
}

View File

@ -7,6 +7,7 @@ type OAuthInfo struct {
Enabled bool
AllowedDomains []string
ApiUrl string
AllowSignup bool
}
type OAuther struct {

View File

@ -25,6 +25,7 @@ type SocialConnector interface {
Type() int
UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
IsEmailAllowed(email string) bool
IsSignupAllowed() bool
AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
Exchange(ctx context.Context, code string) (*oauth2.Token, error)
@ -52,6 +53,7 @@ func NewOAuthService() {
ApiUrl: sec.Key("api_url").String(),
Enabled: sec.Key("enabled").MustBool(),
AllowedDomains: sec.Key("allowed_domains").Strings(" "),
AllowSignup: sec.Key("allow_sign_up").MustBool(),
}
if !info.Enabled {
@ -73,13 +75,13 @@ func NewOAuthService() {
// GitHub.
if name == "github" {
setting.OAuthService.GitHub = true
SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
}
// Google.
if name == "google" {
setting.OAuthService.Google = true
SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
}
}
}
@ -102,6 +104,7 @@ type SocialGithub struct {
*oauth2.Config
allowedDomains []string
ApiUrl string
allowSignup bool
}
func (s *SocialGithub) Type() int {
@ -112,6 +115,10 @@ func (s *SocialGithub) IsEmailAllowed(email string) bool {
return isEmailAllowed(email, s.allowedDomains)
}
func (s *SocialGithub) IsSignupAllowed() bool {
return s.allowSignup
}
func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
var data struct {
Id int `json:"id"`
@ -150,6 +157,7 @@ type SocialGoogle struct {
*oauth2.Config
allowedDomains []string
ApiUrl string
allowSignup bool
}
func (s *SocialGoogle) Type() int {
@ -160,6 +168,10 @@ func (s *SocialGoogle) IsEmailAllowed(email string) bool {
return isEmailAllowed(email, s.allowedDomains)
}
func (s *SocialGoogle) IsSignupAllowed() bool {
return s.allowSignup
}
func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
var data struct {
Id string `json:"id"`