IntenseWebs/mattermost
3
0
Fork 0
mirror of https://github.com/mattermost/mattermost.git synced 2025-02-25 18:55:24 -06:00
Code Issues Packages Projects Releases Wiki Activity

[MM-56491] Allow sysadmins to LDAP sync SAML users when SamlSettings.EnableSyncWithLdap is true (#25886)

Browse Source 
Co-authored-by: Mattermost Build <build@mattermost.com>
This commit is contained in:
Ben Cooke 2024-03-15 09:40:05 -04:00 committed by GitHub
parent 7c0a3b0297
commit b14213d329
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 32 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/channels/api4/ldap.go
View File

@ -433,7 +433,7 @@ func addUserToGroupSyncables(c *Context, w http.ResponseWriter, r *http.Request)
return return
} }
if user.AuthService != model.UserAuthServiceLdap { if user.AuthService != model.UserAuthServiceLdap && (user.AuthService != model.UserAuthServiceSaml || !*c.App.Config().SamlSettings.EnableSyncWithLdap) {
c.Err = model.NewAppError("addUserToGroupSyncables", "api.user.add_user_to_group_syncables.not_ldap_user.app_error", nil, "", http.StatusBadRequest) c.Err = model.NewAppError("addUserToGroupSyncables", "api.user.add_user_to_group_syncables.not_ldap_user.app_error", nil, "", http.StatusBadRequest)
return return
} }

24
server/channels/api4/ldap_test.go
View File

@ -309,4 +309,28 @@ func TestAddUserToGroupSyncables(t *testing.T) {
resp, err = th.SystemAdminClient.AddUserToGroupSyncables(context.Background(), user.Id) resp, err = th.SystemAdminClient.AddUserToGroupSyncables(context.Background(), user.Id)
require.NoError(t, err) require.NoError(t, err)
CheckOKStatus(t, resp) CheckOKStatus(t, resp)
t.Run("should sync SAML users when SamlSettings.EnableSyncWithLdap is true", func(t *testing.T) {
id = model.NewId()
user = &model.User{
Email: "test123@localhost",
Username: model.NewId(),
AuthData: &id,
AuthService: model.UserAuthServiceSaml,
}
user, err = th.App.Srv().Store().User().Save(th.Context, user)
require.NoError(t, err)
resp, err = th.Client.AddUserToGroupSyncables(context.Background(), user.Id)
require.Error(t, err)
CheckForbiddenStatus(t, resp)
th.App.UpdateConfig(func(cfg *model.Config) {
*cfg.SamlSettings.EnableSyncWithLdap = true
})
resp, err = th.SystemAdminClient.AddUserToGroupSyncables(context.Background(), user.Id)
require.NoError(t, err)
CheckOKStatus(t, resp)
})
} }

13
webapp/channels/src/components/admin_console/system_users/system_users_list_actions/index.tsx
View File

@ -12,7 +12,8 @@ import type {UserProfile} from '@mattermost/types/users';
import {updateUserActive} from 'mattermost-redux/actions/users'; import {updateUserActive} from 'mattermost-redux/actions/users';
import {Permissions} from 'mattermost-redux/constants'; import {Permissions} from 'mattermost-redux/constants';
import General from 'mattermost-redux/constants/general'; import General from 'mattermost-redux/constants/general';
import {getConfig, getLicense} from 'mattermost-redux/selectors/entities/general'; import {getConfig} from 'mattermost-redux/selectors/entities/admin';
import {getLicense} from 'mattermost-redux/selectors/entities/general';
import {isSystemAdmin, isGuest} from 'mattermost-redux/utils/user_utils'; import {isSystemAdmin, isGuest} from 'mattermost-redux/utils/user_utils';
import {adminResetMfa} from 'actions/admin_actions'; import {adminResetMfa} from 'actions/admin_actions';
@ -208,7 +209,7 @@ export function SystemUsersListAction({user, currentUser, tableId, rowIndex, onE
}} }}
/> />
{config.EnableUserAccessTokens === 'true' && {config.ServiceSettings?.EnableUserAccessTokens &&
<Menu.Item <Menu.Item
id={`${menuItemIdPrefix}-manageTokens`} id={`${menuItemIdPrefix}-manageTokens`}
labels={ labels={
@ -244,7 +245,7 @@ export function SystemUsersListAction({user, currentUser, tableId, rowIndex, onE
}} }}
/>} />}
{user.mfa_active && config.EnableMultifactorAuthentication && {user.mfa_active && config.ServiceSettings?.EnableMultifactorAuthentication &&
<Menu.Item <Menu.Item
id={`${menuItemIdPrefix}-removeMFA`} id={`${menuItemIdPrefix}-removeMFA`}
labels={ labels={
@ -260,7 +261,7 @@ export function SystemUsersListAction({user, currentUser, tableId, rowIndex, onE
}} }}
/>} />}
{Boolean(user.auth_service) && config.ExperimentalEnableAuthenticationTransfer === 'true' && {Boolean(user.auth_service) && config.ServiceSettings?.ExperimentalEnableAuthenticationTransfer &&
<Menu.Item <Menu.Item
id={`${menuItemIdPrefix}-switchToEmailPassword`} id={`${menuItemIdPrefix}-switchToEmailPassword`}
labels={ labels={
@ -323,7 +324,7 @@ export function SystemUsersListAction({user, currentUser, tableId, rowIndex, onE
})); }));
}} }}
/>} />}
{!isGuest(user.roles) && user.id !== currentUser.id && isLicensed && config.EnableGuestAccounts === 'true' && {!isGuest(user.roles) && user.id !== currentUser.id && isLicensed && config.GuestAccountsSettings?.Enable &&
<Menu.Item <Menu.Item
id={`${menuItemIdPrefix}-demoteToGuest`} id={`${menuItemIdPrefix}-demoteToGuest`}
labels={ labels={
@ -364,7 +365,7 @@ export function SystemUsersListAction({user, currentUser, tableId, rowIndex, onE
/>} />}
</SystemPermissionGate> </SystemPermissionGate>
<SystemPermissionGate permissions={[Permissions.SYSCONSOLE_WRITE_USERMANAGEMENT_GROUPS]}> <SystemPermissionGate permissions={[Permissions.SYSCONSOLE_WRITE_USERMANAGEMENT_GROUPS]}>
{user.auth_service === Constants.LDAP_SERVICE && {(user.auth_service === Constants.LDAP_SERVICE || (user.auth_service === Constants.SAML_SERVICE && config.SamlSettings?.EnableSyncWithLdap)) &&
<Menu.Item <Menu.Item
id={`${menuItemIdPrefix}-resyncUserViaLdapGroups`} id={`${menuItemIdPrefix}-resyncUserViaLdapGroups`}
labels={ labels={