IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-01-02 12:17:01 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add allow_sign_up override for auth.google/github.

Browse Source
This commit is contained in:
Jason Harvey 2015-04-09 17:15:19 -08:00
parent a446286869
commit ddaac50a25
5 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
conf/defaults.ini
View File

@ -143,6 +143,7 @@ auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token token_url = https://github.com/login/oauth/access_token
api_url = https://api.github.com/user api_url = https://api.github.com/user
allowed_domains = allowed_domains =
allow_sign_up = false
#################################### Google Auth ########################## #################################### Google Auth ##########################
[auth.google] [auth.google]
@ -154,6 +155,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token token_url = https://accounts.google.com/o/oauth2/token
api_url = https://www.googleapis.com/oauth2/v1/userinfo api_url = https://www.googleapis.com/oauth2/v1/userinfo
allowed_domains = allowed_domains =
allow_sign_up = false
#################################### Logging ########################## #################################### Logging ##########################
[log] [log]

8
docs/sources/installation/configuration.md
View File

@ -181,10 +181,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
scopes = user:email scopes = user:email
auth_url = https://github.com/login/oauth/authorize auth_url = https://github.com/login/oauth/authorize
token_url = https://github.com/login/oauth/access_token token_url = https://github.com/login/oauth/access_token
allow_sign_up = false
Restart the grafana backend. You should now see a github login button on the login page. You can Restart the grafana backend. You should now see a github login button on the login page. You can
now login or signup with your github accounts. now login or signup with your github accounts.
You may allow users to sign-up via github auth by setting allow_sign_up to true. When this option is
set to true, any user successfully authenticating via github auth will be automatically signed up.
## [auth.google] ## [auth.google]
You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project). You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project).
When you create the project you will need to specify a callback URL. Specify this as callback: When you create the project you will need to specify a callback URL. Specify this as callback:
@ -203,10 +207,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
auth_url = https://accounts.google.com/o/oauth2/auth auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token token_url = https://accounts.google.com/o/oauth2/token
allowed_domains = mycompany.com allowed_domains = mycompany.com
allow_sign_up = false
Restart the grafana backend. You should now see a google login button on the login page. You can Restart the grafana backend. You should now see a google login button on the login page. You can
now login or signup with your google accounts. `allowed_domains` option is optional. now login or signup with your google accounts. `allowed_domains` option is optional.
You may allow users to sign-up via google auth by setting allow_sign_up to true. When this option is
set to true, any user successfully authenticating via google auth will be automatically signed up.
<hr> <hr>
## [session] ## [session]

2
pkg/api/login_oauth.go
View File

@ -63,7 +63,7 @@ func OAuthLogin(ctx *middleware.Context) {
// create account if missing // create account if missing
if err == m.ErrUserNotFound { if err == m.ErrUserNotFound {
if !setting.AllowUserSignUp { if !connect.IsSignupAllowed() {
ctx.Redirect(setting.AppSubUrl + "/login") ctx.Redirect(setting.AppSubUrl + "/login")
return return
} }

1
pkg/setting/setting_oauth.go
View File

@ -7,6 +7,7 @@ type OAuthInfo struct {
Enabled bool Enabled bool
AllowedDomains []string AllowedDomains []string
ApiUrl string ApiUrl string
AllowSignup bool
} }
type OAuther struct { type OAuther struct {

16
pkg/social/social.go
View File

@ -25,6 +25,7 @@ type SocialConnector interface {
Type() int Type() int
UserInfo(token *oauth2.Token) (*BasicUserInfo, error) UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
IsEmailAllowed(email string) bool IsEmailAllowed(email string) bool
IsSignupAllowed() bool
AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
Exchange(ctx context.Context, code string) (*oauth2.Token, error) Exchange(ctx context.Context, code string) (*oauth2.Token, error)
@ -52,6 +53,7 @@ func NewOAuthService() {
ApiUrl: sec.Key("api_url").String(), ApiUrl: sec.Key("api_url").String(),
Enabled: sec.Key("enabled").MustBool(), Enabled: sec.Key("enabled").MustBool(),
AllowedDomains: sec.Key("allowed_domains").Strings(" "), AllowedDomains: sec.Key("allowed_domains").Strings(" "),
AllowSignup: sec.Key("allow_sign_up").MustBool(),
} }
if !info.Enabled { if !info.Enabled {
@ -73,13 +75,13 @@ func NewOAuthService() {
// GitHub. // GitHub.
if name == "github" { if name == "github" {
setting.OAuthService.GitHub = true setting.OAuthService.GitHub = true
SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl} SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
} }
// Google. // Google.
if name == "google" { if name == "google" {
setting.OAuthService.Google = true setting.OAuthService.Google = true
SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl} SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
} }
} }
} }
@ -102,6 +104,7 @@ type SocialGithub struct {
*oauth2.Config *oauth2.Config
allowedDomains []string allowedDomains []string
ApiUrl string ApiUrl string
allowSignup bool
} }
func (s *SocialGithub) Type() int { func (s *SocialGithub) Type() int {
@ -112,6 +115,10 @@ func (s *SocialGithub) IsEmailAllowed(email string) bool {
return isEmailAllowed(email, s.allowedDomains) return isEmailAllowed(email, s.allowedDomains)
} }
func (s *SocialGithub) IsSignupAllowed() bool {
return s.allowSignup
}
func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) { func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
var data struct { var data struct {
Id int `json:"id"` Id int `json:"id"`
@ -150,6 +157,7 @@ type SocialGoogle struct {
*oauth2.Config *oauth2.Config
allowedDomains []string allowedDomains []string
ApiUrl string ApiUrl string
allowSignup bool
} }
func (s *SocialGoogle) Type() int { func (s *SocialGoogle) Type() int {
@ -160,6 +168,10 @@ func (s *SocialGoogle) IsEmailAllowed(email string) bool {
return isEmailAllowed(email, s.allowedDomains) return isEmailAllowed(email, s.allowedDomains)
} }
func (s *SocialGoogle) IsSignupAllowed() bool {
return s.allowSignup
}
func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) { func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
var data struct { var data struct {
Id string `json:"id"` Id string `json:"id"`