diff --git a/conf/defaults.ini b/conf/defaults.ini index 1c158e97a10..042f1a5574c 100644 --- a/conf/defaults.ini +++ b/conf/defaults.ini @@ -143,6 +143,7 @@ auth_url = https://github.com/login/oauth/authorize token_url = https://github.com/login/oauth/access_token api_url = https://api.github.com/user allowed_domains = +allow_sign_up = false #################################### Google Auth ########################## [auth.google] @@ -154,6 +155,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth token_url = https://accounts.google.com/o/oauth2/token api_url = https://www.googleapis.com/oauth2/v1/userinfo allowed_domains = +allow_sign_up = false #################################### Logging ########################## [log] diff --git a/docs/sources/installation/configuration.md b/docs/sources/installation/configuration.md index e28583b4d1d..c9a9bc14ab4 100644 --- a/docs/sources/installation/configuration.md +++ b/docs/sources/installation/configuration.md @@ -181,10 +181,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example scopes = user:email auth_url = https://github.com/login/oauth/authorize token_url = https://github.com/login/oauth/access_token + allow_sign_up = false Restart the grafana backend. You should now see a github login button on the login page. You can now login or signup with your github accounts. +You may allow users to sign-up via github auth by setting allow_sign_up to true. When this option is +set to true, any user successfully authenticating via github auth will be automatically signed up. + ## [auth.google] You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project). When you create the project you will need to specify a callback URL. Specify this as callback: 
@@ -203,10 +207,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example auth_url = https://accounts.google.com/o/oauth2/auth token_url = https://accounts.google.com/o/oauth2/token allowed_domains = mycompany.com + allow_sign_up = false Restart the grafana backend. You should now see a google login button on the login page. You can now login or signup with your google accounts. `allowed_domains` option is optional. +You may allow users to sign-up via google auth by setting allow_sign_up to true. When this option is +set to true, any user successfully authenticating via google auth will be automatically signed up. +
## [session]
diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
index c960d16e368..11d62754a18 100644
--- a/pkg/api/login_oauth.go
+++ b/pkg/api/login_oauth.go
@@ -63,7 +63,7 @@ func OAuthLogin(ctx *middleware.Context) {
 // create account if missing
 if err == m.ErrUserNotFound {
- if !setting.AllowUserSignUp {
+ if !connect.IsSignupAllowed() {
 ctx.Redirect(setting.AppSubUrl + "/login")
 return
 }
diff --git a/pkg/setting/setting_oauth.go b/pkg/setting/setting_oauth.go
index 970958d1a8d..db2f0fb3802 100644
--- a/pkg/setting/setting_oauth.go
+++ b/pkg/setting/setting_oauth.go
@@ -7,6 +7,7 @@ type OAuthInfo struct {
 Enabled bool
 AllowedDomains []string
 ApiUrl string
+ AllowSignup bool
 }
 type OAuther struct {
diff --git a/pkg/social/social.go b/pkg/social/social.go
index d9ff66514c9..47c7ea5dc38 100644
--- a/pkg/social/social.go
+++ b/pkg/social/social.go
@@ -25,6 +25,7 @@ type SocialConnector interface {
 Type() int
 UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
 IsEmailAllowed(email string) bool
+ IsSignupAllowed() bool
 AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
 Exchange(ctx context.Context, code string) (*oauth2.Token, error)
@@ -52,6 +53,7 @@ func NewOAuthService() {
 ApiUrl: sec.Key("api_url").String(),
 Enabled: sec.Key("enabled").MustBool(),
 AllowedDomains: sec.Key("allowed_domains").Strings(" "),
+ AllowSignup: sec.Key("allow_sign_up").MustBool(),
 }
 if !info.Enabled {
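Review bot: In the pkg/api/login_oauth.go hunk, `if !connect.IsSignupAllowed() {` replaces the `setting.AllowUserSignUp` test outright, so the global sign-up switch no longer bounds OAuth account creation: a provider with `allow_sign_up = true` auto-provisions accounts even where global sign-up is off, and an instance that relied on the global switch stops provisioning after upgrade because the new key defaults to false. State that precedence at the check, for example `// OAuth sign-up is decided per provider (allow_sign_up); setting.AllowUserSignUp is not consulted here`. The refusal path is a bare redirect to /login, so a log entry there naming the provider would let operators distinguish a blocked provisioning attempt from an ordinary failed login. OAuthLogin starts and ends outside the hunk, so where IsEmailAllowed runs relative to this branch cannot be confirmed from here.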
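Review bot: `IsSignupAllowed() bool` is added to the SocialConnector interface without a comment, and the two implementations on SocialGithub and SocialGoogle in the later hunks of pkg/social/social.go are undocumented as well. Since OAuthLogin now calls this method before creating an account, the interface line should carry a comment such as `// IsSignupAllowed reports whether a first-time login through this provider may create an account.`, with the same sentence on each implementation. Any SocialConnector implementation that lives outside this diff will also need the method before the package compiles.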
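Review bot: In the NewOAuthService hunk, `AllowSignup: sec.Key("allow_sign_up").MustBool(),` relies on the implicit default, so a missing or unparseable value silently reads as false; that is the safe direction, but writing `MustBool(false)` makes the fail-closed intent explicit. The opposite misconfiguration deserves a startup warning: when `info.AllowSignup` is true and `info.AllowedDomains` is empty, the documentation added in this commit says any user who authenticates with the provider is signed up, presumably with no domain restriction, and nothing in the visible code tells the operator that. The function body continues outside the hunk.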
@@ -73,13 +75,13 @@ func NewOAuthService() {
 // GitHub.
 if name == "github" {
 setting.OAuthService.GitHub = true
- SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
+ SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
 }
 // Google.
 if name == "google" {
 setting.OAuthService.Google = true
- SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
+ SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
 }
 }
 }
@@ -102,6 +104,7 @@ type SocialGithub struct {
 *oauth2.Config
 allowedDomains []string
 ApiUrl string
+ allowSignup bool
 }
 func (s *SocialGithub) Type() int {
@@ -112,6 +115,10 @@ func (s *SocialGithub) IsEmailAllowed(email string) bool {
 return isEmailAllowed(email, s.allowedDomains)
 }
+func (s *SocialGithub) IsSignupAllowed() bool {
+ return s.allowSignup
+}
+
 func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
 var data struct {
 Id int `json:"id"`
@@ -150,6 +157,7 @@ type SocialGoogle struct {
 *oauth2.Config
 allowedDomains []string
 ApiUrl string
+ allowSignup bool
 }
 func (s *SocialGoogle) Type() int {
@@ -160,6 +168,10 @@ func (s *SocialGoogle) IsEmailAllowed(email string) bool {
 return isEmailAllowed(email, s.allowedDomains)
 }
+func (s *SocialGoogle) IsSignupAllowed() bool {
+ return s.allowSignup
+}
+
 func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
 var data struct {
 Id string `json:"id"`