mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
190 lines
4.2 KiB
Go
190 lines
4.2 KiB
Go
package login
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/grafana/grafana/pkg/bus"
|
|
"github.com/grafana/grafana/pkg/log"
|
|
m "github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/quota"
|
|
)
|
|
|
|
func init() {
|
|
bus.AddHandler("auth", UpsertUser)
|
|
}
|
|
|
|
func UpsertUser(cmd *m.UpsertUserCommand) error {
|
|
extUser := cmd.ExternalUser
|
|
|
|
userQuery := &m.GetUserByAuthInfoQuery{
|
|
AuthModule: extUser.AuthModule,
|
|
AuthId: extUser.AuthId,
|
|
UserId: extUser.UserId,
|
|
Email: extUser.Email,
|
|
Login: extUser.Login,
|
|
}
|
|
err := bus.Dispatch(userQuery)
|
|
if err != nil {
|
|
if err != m.ErrUserNotFound {
|
|
return err
|
|
}
|
|
|
|
if !cmd.SignupAllowed {
|
|
log.Warn(fmt.Sprintf("Not allowing %s login, user not found in internal user database and allow signup = false", extUser.AuthModule))
|
|
return ErrInvalidCredentials
|
|
}
|
|
|
|
limitReached, err := quota.QuotaReached(cmd.ReqContext, "user")
|
|
if err != nil {
|
|
log.Warn("Error getting user quota", "err", err)
|
|
return ErrGettingUserQuota
|
|
}
|
|
if limitReached {
|
|
return ErrUsersQuotaReached
|
|
}
|
|
|
|
cmd.Result, err = createUser(extUser)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if extUser.AuthModule != "" && extUser.AuthId != "" {
|
|
cmd2 := &m.SetAuthInfoCommand{
|
|
UserId: cmd.Result.Id,
|
|
AuthModule: extUser.AuthModule,
|
|
AuthId: extUser.AuthId,
|
|
}
|
|
if err := bus.Dispatch(cmd2); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
} else {
|
|
cmd.Result = userQuery.Result
|
|
|
|
// sync user info
|
|
err = updateUser(cmd.Result, extUser)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return syncOrgRoles(cmd.Result, extUser)
|
|
}
|
|
|
|
func createUser(extUser *m.ExternalUserInfo) (*m.User, error) {
|
|
cmd := &m.CreateUserCommand{
|
|
Login: extUser.Login,
|
|
Email: extUser.Email,
|
|
Name: extUser.Name,
|
|
SkipOrgSetup: len(extUser.OrgRoles) > 0,
|
|
}
|
|
if err := bus.Dispatch(cmd); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &cmd.Result, nil
|
|
}
|
|
|
|
func updateUser(user *m.User, extUser *m.ExternalUserInfo) error {
|
|
// sync user info
|
|
updateCmd := &m.UpdateUserCommand{
|
|
UserId: user.Id,
|
|
}
|
|
needsUpdate := false
|
|
|
|
if extUser.Login != "" && extUser.Login != user.Login {
|
|
updateCmd.Login = extUser.Login
|
|
user.Login = extUser.Login
|
|
needsUpdate = true
|
|
}
|
|
if extUser.Email != "" && extUser.Email != user.Email {
|
|
updateCmd.Email = extUser.Email
|
|
user.Email = extUser.Email
|
|
needsUpdate = true
|
|
}
|
|
if extUser.Name != "" && extUser.Name != user.Name {
|
|
updateCmd.Name = extUser.Name
|
|
user.Name = extUser.Name
|
|
needsUpdate = true
|
|
}
|
|
|
|
if needsUpdate {
|
|
log.Debug("Syncing user info", "id", user.Id, "update", updateCmd)
|
|
err := bus.Dispatch(updateCmd)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func syncOrgRoles(user *m.User, extUser *m.ExternalUserInfo) error {
|
|
// don't sync org roles if none are specified
|
|
if len(extUser.OrgRoles) == 0 {
|
|
return nil
|
|
}
|
|
|
|
orgsQuery := &m.GetUserOrgListQuery{UserId: user.Id}
|
|
if err := bus.Dispatch(orgsQuery); err != nil {
|
|
return err
|
|
}
|
|
|
|
handledOrgIds := map[int64]bool{}
|
|
deleteOrgIds := []int64{}
|
|
|
|
// update existing org roles
|
|
for _, org := range orgsQuery.Result {
|
|
handledOrgIds[org.OrgId] = true
|
|
|
|
if extUser.OrgRoles[org.OrgId] == "" {
|
|
deleteOrgIds = append(deleteOrgIds, org.OrgId)
|
|
} else if extUser.OrgRoles[org.OrgId] != org.Role {
|
|
// update role
|
|
cmd := &m.UpdateOrgUserCommand{OrgId: org.OrgId, UserId: user.Id, Role: extUser.OrgRoles[org.OrgId]}
|
|
if err := bus.Dispatch(cmd); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
// add any new org roles
|
|
for orgId, orgRole := range extUser.OrgRoles {
|
|
if _, exists := handledOrgIds[orgId]; exists {
|
|
continue
|
|
}
|
|
|
|
// add role
|
|
cmd := &m.AddOrgUserCommand{UserId: user.Id, Role: orgRole, OrgId: orgId}
|
|
err := bus.Dispatch(cmd)
|
|
if err != nil && err != m.ErrOrgNotFound {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// delete any removed org roles
|
|
for _, orgId := range deleteOrgIds {
|
|
cmd := &m.RemoveOrgUserCommand{OrgId: orgId, UserId: user.Id}
|
|
if err := bus.Dispatch(cmd); err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
// update user's default org if needed
|
|
if _, ok := extUser.OrgRoles[user.OrgId]; !ok {
|
|
for orgId := range extUser.OrgRoles {
|
|
user.OrgId = orgId
|
|
break
|
|
}
|
|
err := bus.Dispatch(&m.SetUsingOrgCommand{
|
|
UserId: user.Id,
|
|
OrgId: user.OrgId,
|
|
})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|