Oauth: Assign role from GF_USERS_AUTO_ASSIGN_ORG_ROLE for Azure AD Oauth (#34838) (#34938)

* 30555:Assign correct role with environment variable GF_USERS_AUTO_ASSIGN_ORG_ROLE * 30555:Remove unused condition (cherry picked from commit 48f6d6f7e6) Co-authored-by: idafurjes <36131195+idafurjes@users.noreply.github.com>
2025-02-25 18:55:37 -06:00 · 2021-05-31 09:18:24 -04:00 · 2021-05-31 09:18:24 -04:00 · ddb6922773
commit ddb6922773
parent d8c4981b77
2 changed files with 35 additions and 8 deletions
--- a/pkg/login/social/azuread_oauth.go
+++ b/pkg/login/social/azuread_oauth.go
@ -7,6 +7,7 @@ import (
 	"strings"

 	"github.com/grafana/grafana/pkg/models"
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/util/errutil"

 	"golang.org/x/oauth2"
@ -97,7 +98,7 @@ func extractEmail(claims azureClaims) string {

 func extractRole(claims azureClaims) models.RoleType {
 	if len(claims.Roles) == 0 {
-		return models.ROLE_VIEWER
+		return models.RoleType(setting.AutoAssignOrgRole)
 	}

 	roleOrder := []models.RoleType{
--- a/pkg/login/social/azuread_oauth_test.go
+++ b/pkg/login/social/azuread_oauth_test.go
@ -6,6 +6,7 @@ import (
 	"testing"
 	"time"

+	"github.com/grafana/grafana/pkg/setting"
 	"golang.org/x/oauth2"
 	"gopkg.in/square/go-jose.v2"
 	"gopkg.in/square/go-jose.v2/jwt"
@ -25,6 +26,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 		fields                   fields
 		claims                   *azureClaims
 		args                     args
+		settingAutoAssignOrgRole string
 		want                     *BasicUserInfo
 		wantErr                  bool
 	}{
@ -37,6 +39,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
+			settingAutoAssignOrgRole: "Viewer",
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@ -74,6 +77,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
+			settingAutoAssignOrgRole: "Viewer",
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@ -141,7 +145,26 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Groups:  []string{},
 			},
 		},
-
+		{
+			name: "role from env variable",
+			claims: &azureClaims{
+				Email:             "me@example.com",
+				PreferredUsername: "",
+				Roles:             []string{},
+				Name:              "My Name",
+				ID:                "1234",
+			},
+			settingAutoAssignOrgRole: "Editor",
+			want: &BasicUserInfo{
+				Id:      "1234",
+				Name:    "My Name",
+				Email:   "me@example.com",
+				Login:   "me@example.com",
+				Company: "",
+				Role:    "Editor",
+				Groups:  []string{},
+			},
+		},
 		{
 			name: "Editor role",
 			claims: &azureClaims{
@ -209,6 +232,7 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				Name:              "My Name",
 				ID:                "1234",
 			},
+			settingAutoAssignOrgRole: "Viewer",
 			want: &BasicUserInfo{
 				Id:      "1234",
 				Name:    "My Name",
@ -258,6 +282,8 @@ func TestSocialAzureAD_UserInfo(t *testing.T) {
 				token = token.WithExtra(map[string]interface{}{"id_token": raw})
 			}

+			setting.AutoAssignOrgRole = tt.settingAutoAssignOrgRole
+
 			got, err := s.UserInfo(tt.args.client, token)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("UserInfo() error = %v, wantErr %v", err, tt.wantErr)