Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

NET-1064: Oauth User SignUp Approval Flow (#2874)

* add pending users api

* insert user to pending users on first time oauth login

* add pending user check on headless login

* fix conflicting apis

* no records error

* add allowed emails domains for oauth singup to config

* check if user is allowed to signup
Abhishek K 4 months ago
parent
3152c678e0
commit
0d4552db5e
15 changed files with 361 additions and 29 deletions
Split View Show Diff Stats
  1. 24 4
      auth/auth.go
  2. 24 3
      auth/azure-ad.go
  3. 26 1
      auth/error.go
  4. 24 3
      auth/github.go
  5. 24 3
      auth/google.go
  6. 13 8
      auth/headless_callback.go
  7. 24 3
      auth/oidc.go
  8. 1 0
      config/config.go
  9. 139 0
      controllers/user.go
  10. 3 1
      database/database.go
  11. 0 1
      logic/jwts.go
  12. 44 0
      logic/users.go
  13. 3 1
      scripts/netmaker.default.env
  14. 1 1
      scripts/nm-quick.sh
  15. 11 0
      servercfg/serverconf.go

+ 24 - 4
auth/auth.go
View File 

@@ -75,7 +75,7 @@ func InitializeAuthProvider() string {
 
 	if functions == nil {
 
 		return ""
 
 	}
 
-	var _, err = fetchPassValue(logic.RandomString(64))
 
+	var _, err = FetchPassValue(logic.RandomString(64))
 
 	if err != nil {
 
 		logger.Log(0, err.Error())
 
 		return ""
 
@@ -156,7 +156,7 @@ func HandleAuthLogin(w http.ResponseWriter, r *http.Request) {
 
 
 // IsOauthUser - returns
 
 func IsOauthUser(user *models.User) error {
 
-	var currentValue, err = fetchPassValue("")
 
+	var currentValue, err = FetchPassValue("")
 
 	if err != nil {
 
 		return err
 
 	}
 
@@ -246,7 +246,7 @@ func addUser(email string) error {
 
 		slog.Error("error checking for existence of admin user during OAuth login for", "email", email, "error", err)
 
 		return err
 
 	} // generate random password to adapt to current model
 
-	var newPass, fetchErr = fetchPassValue("")
 
+	var newPass, fetchErr = FetchPassValue("")
 
 	if fetchErr != nil {
 
 		return fetchErr
 
 	}
 
@@ -272,7 +272,7 @@ func addUser(email string) error {
 
 	return nil
 
 }
 
 
-func fetchPassValue(newValue string) (string, error) {
 
+func FetchPassValue(newValue string) (string, error) {
 
 
 	type valueHolder struct {
 
 		Value string `json:"value" bson:"value"`
 
@@ -334,3 +334,23 @@ func isStateCached(state string) bool {
 
 	_, err := netcache.Get(state)
 
 	return err == nil || strings.Contains(err.Error(), "expired")
 
 }
 
+
 
+// isEmailAllowed - checks if email is allowed to signup
 
+func isEmailAllowed(email string) bool {
 
+	allowedDomains := servercfg.GetAllowedEmailDomains()
 
+	domains := strings.Split(allowedDomains, ",")
 
+	if len(domains) == 1 && domains[0] == "*" {
 
+		return true
 
+	}
 
+	emailParts := strings.Split(email, "@")
 
+	if len(emailParts) < 2 {
 
+		return false
 
+	}
 
+	baseDomainOfEmail := emailParts[1]
 
+	for _, domain := range domains {
 
+		if domain == baseDomainOfEmail {
 
+			return true
 
+		}