Merge pull request #127 from LalitDeore/admin2

frikky · web-flow · commit 23112a0f2076 · 2024-12-20T21:49:40.000+02:00
fix autoprovisining of users
diff --git a/shared.go b/shared.go
@@ -11806,6 +11806,10 @@ func HandleEditOrg(resp http.ResponseWriter, request *http.Request) {
 		org.SSOConfig = tmpData.SSOConfig
 	}
 
+	if tmpData.SSOConfig.AutoProvision != org.SSOConfig.AutoProvision {
+		org.SSOConfig.AutoProvision = tmpData.SSOConfig.AutoProvision
+	}
+
 	if (tmpData.SSOConfig.OpenIdClientId != org.SSOConfig.OpenIdClientId) || (tmpData.SSOConfig.OpenIdAuthorization != org.SSOConfig.OpenIdAuthorization) {
 		org.SSOConfig = tmpData.SSOConfig
 	}
@@ -19327,6 +19331,14 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
+	//Don't create user if auto-provisioning is disabled
+	if org.SSOConfig.AutoProvision {
+		log.Printf("[INFO] Auto-provisioning is disable for id: %s", org.Id)
+		resp.WriteHeader(401)
+		resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Auto-provisioning is disabled for this organization. Please ask your administrator to enable it."}`)))
+		return
+	}
+
 	log.Printf("[AUDIT] Adding user %s to org %s (%s) through single sign-on", userName, org.Name, org.Id)
 	newUser := new(User)
 	// Random password to ensure its not empty
@@ -19856,6 +19868,14 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
+	//Don't create user if auto-provisioning is disabled
+	if foundOrg.SSOConfig.AutoProvision {
+		log.Printf("[INFO] Auto-provisioning is disable for id: %s", foundOrg.Id)
+		resp.WriteHeader(401)
+		resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Auto-provisioning is disabled for this organization. Please ask your administrator to enable it."}`)))
+		return
+	}
+
 	log.Printf("[AUDIT] Adding user %s to org %s (%s) through single sign-on", userName, foundOrg.Name, foundOrg.Id)
 	newUser := new(User)
 	// Random password to ensure its not empty
diff --git a/structs.go b/structs.go
@@ -2739,6 +2739,7 @@ type SSOConfig struct {
 	OpenIdAuthorization string `json:"openid_authorization" datastore:"openid_authorization"`
 	OpenIdToken         string `json:"openid_token" datastore:"openid_token"`
 	SSORequired         bool   `json:"SSORequired" datastore:"SSORequired"`
+	AutoProvision       bool   `json:"auto_provision" datastore:"auto_provision"`
 }
 
 type SamlRequest struct {

Original file line number	Diff line number	Diff line change
`@@ -2739,6 +2739,7 @@ type SSOConfig struct {`
`2739`	`2739`	OpenIdAuthorization string `json:"openid_authorization" datastore:"openid_authorization"`
`2740`	`2740`	OpenIdToken string `json:"openid_token" datastore:"openid_token"`
`2741`	`2741`	SSORequired bool `json:"SSORequired" datastore:"SSORequired"`
	`2742`	+ AutoProvision bool `json:"auto_provision" datastore:"auto_provision"`
`2742`	`2743`	`}`
`2743`	`2744`
`2744`	`2745`	`type SamlRequest struct {`