IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

AzureAD: Don't copy claims around (#52950)

Browse Source
This commit is contained in:
Jo 2022-07-29 08:17:07 +00:00 committed by GitHub
parent 197acd73c0
commit ff1c294963
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkg/login/social/azuread_oauth.go
View File

@ -65,12 +65,12 @@ func (s *SocialAzureAD) UserInfo(client *http.Client, token *oauth2.Token) (*Bas
return nil, fmt.Errorf("error getting claims from id token: %w", err)
}
email := extractEmail(claims)
email := claims.extractEmail()
if email == "" {
return nil, errors.New("error getting user info: no email found in access token")
}
role := extractRole(claims, s.autoAssignOrgRole, s.roleAttributeStrict)
role := claims.extractRole(s.autoAssignOrgRole, s.roleAttributeStrict)
if role == "" {
return nil, errors.New("user does not have a valid role")
}
@ -112,7 +112,7 @@ func (s *SocialAzureAD) IsGroupMember(groups []string) bool {
return false
}
func extractEmail(claims azureClaims) string {
func (claims *azureClaims) extractEmail() string {
if claims.Email == "" {
if claims.PreferredUsername != "" {
return claims.PreferredUsername
@ -122,7 +122,7 @@ func extractEmail(claims azureClaims) string {
return claims.Email
}
func extractRole(claims azureClaims, autoAssignRole string, strictMode bool) models.RoleType {
func (claims *azureClaims) extractRole(autoAssignRole string, strictMode bool) models.RoleType {
if len(claims.Roles) == 0 {
if strictMode {
return models.RoleType("")