mirror of
https://github.com/grafana/grafana.git
synced 2025-01-02 12:17:01 -06:00
Add allow_sign_up override for auth.google/github.
This commit is contained in:
parent
a446286869
commit
ddaac50a25
@ -143,6 +143,7 @@ auth_url = https://github.com/login/oauth/authorize
|
||||
token_url = https://github.com/login/oauth/access_token
|
||||
api_url = https://api.github.com/user
|
||||
allowed_domains =
|
||||
allow_sign_up = false
|
||||
|
||||
#################################### Google Auth ##########################
|
||||
[auth.google]
|
||||
@ -154,6 +155,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth
|
||||
token_url = https://accounts.google.com/o/oauth2/token
|
||||
api_url = https://www.googleapis.com/oauth2/v1/userinfo
|
||||
allowed_domains =
|
||||
allow_sign_up = false
|
||||
|
||||
#################################### Logging ##########################
|
||||
[log]
|
||||
|
@ -181,10 +181,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
|
||||
scopes = user:email
|
||||
auth_url = https://github.com/login/oauth/authorize
|
||||
token_url = https://github.com/login/oauth/access_token
|
||||
allow_sign_up = false
|
||||
|
||||
Restart the grafana backend. You should now see a github login button on the login page. You can
|
||||
now login or signup with your github accounts.
|
||||
|
||||
You may allow users to sign-up via github auth by setting allow_sign_up to true. When this option is
|
||||
set to true, any user successfully authenticating via github auth will be automatically signed up.
|
||||
|
||||
## [auth.google]
|
||||
You need to create a google project. You can do this in the [Google Developer Console](https://console.developers.google.com/project).
|
||||
When you create the project you will need to specify a callback URL. Specify this as callback:
|
||||
@ -203,10 +207,14 @@ Client ID and a Client Secret. Specify these in the grafana config file. Example
|
||||
auth_url = https://accounts.google.com/o/oauth2/auth
|
||||
token_url = https://accounts.google.com/o/oauth2/token
|
||||
allowed_domains = mycompany.com
|
||||
allow_sign_up = false
|
||||
|
||||
Restart the grafana backend. You should now see a google login button on the login page. You can
|
||||
now login or signup with your google accounts. `allowed_domains` option is optional.
|
||||
|
||||
You may allow users to sign-up via google auth by setting allow_sign_up to true. When this option is
|
||||
set to true, any user successfully authenticating via google auth will be automatically signed up.
|
||||
|
||||
<hr>
|
||||
## [session]
|
||||
|
||||
|
@ -63,7 +63,7 @@ func OAuthLogin(ctx *middleware.Context) {
|
||||
|
||||
// create account if missing
|
||||
if err == m.ErrUserNotFound {
|
||||
if !setting.AllowUserSignUp {
|
||||
if !connect.IsSignupAllowed() {
|
||||
ctx.Redirect(setting.AppSubUrl + "/login")
|
||||
return
|
||||
}
|
||||
|
@ -7,6 +7,7 @@ type OAuthInfo struct {
|
||||
Enabled bool
|
||||
AllowedDomains []string
|
||||
ApiUrl string
|
||||
AllowSignup bool
|
||||
}
|
||||
|
||||
type OAuther struct {
|
||||
|
@ -25,6 +25,7 @@ type SocialConnector interface {
|
||||
Type() int
|
||||
UserInfo(token *oauth2.Token) (*BasicUserInfo, error)
|
||||
IsEmailAllowed(email string) bool
|
||||
IsSignupAllowed() bool
|
||||
|
||||
AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string
|
||||
Exchange(ctx context.Context, code string) (*oauth2.Token, error)
|
||||
@ -52,6 +53,7 @@ func NewOAuthService() {
|
||||
ApiUrl: sec.Key("api_url").String(),
|
||||
Enabled: sec.Key("enabled").MustBool(),
|
||||
AllowedDomains: sec.Key("allowed_domains").Strings(" "),
|
||||
AllowSignup: sec.Key("allow_sign_up").MustBool(),
|
||||
}
|
||||
|
||||
if !info.Enabled {
|
||||
@ -73,13 +75,13 @@ func NewOAuthService() {
|
||||
// GitHub.
|
||||
if name == "github" {
|
||||
setting.OAuthService.GitHub = true
|
||||
SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
|
||||
SocialMap["github"] = &SocialGithub{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
|
||||
}
|
||||
|
||||
// Google.
|
||||
if name == "google" {
|
||||
setting.OAuthService.Google = true
|
||||
SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl}
|
||||
SocialMap["google"] = &SocialGoogle{Config: &config, allowedDomains: info.AllowedDomains, ApiUrl: info.ApiUrl, allowSignup: info.AllowSignup}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -102,6 +104,7 @@ type SocialGithub struct {
|
||||
*oauth2.Config
|
||||
allowedDomains []string
|
||||
ApiUrl string
|
||||
allowSignup bool
|
||||
}
|
||||
|
||||
func (s *SocialGithub) Type() int {
|
||||
@ -112,6 +115,10 @@ func (s *SocialGithub) IsEmailAllowed(email string) bool {
|
||||
return isEmailAllowed(email, s.allowedDomains)
|
||||
}
|
||||
|
||||
func (s *SocialGithub) IsSignupAllowed() bool {
|
||||
return s.allowSignup
|
||||
}
|
||||
|
||||
func (s *SocialGithub) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
|
||||
var data struct {
|
||||
Id int `json:"id"`
|
||||
@ -150,6 +157,7 @@ type SocialGoogle struct {
|
||||
*oauth2.Config
|
||||
allowedDomains []string
|
||||
ApiUrl string
|
||||
allowSignup bool
|
||||
}
|
||||
|
||||
func (s *SocialGoogle) Type() int {
|
||||
@ -160,6 +168,10 @@ func (s *SocialGoogle) IsEmailAllowed(email string) bool {
|
||||
return isEmailAllowed(email, s.allowedDomains)
|
||||
}
|
||||
|
||||
func (s *SocialGoogle) IsSignupAllowed() bool {
|
||||
return s.allowSignup
|
||||
}
|
||||
|
||||
func (s *SocialGoogle) UserInfo(token *oauth2.Token) (*BasicUserInfo, error) {
|
||||
var data struct {
|
||||
Id string `json:"id"`
|
||||
|
Loading…
Reference in New Issue
Block a user