NET-1064: Oauth User SignUp Approval Flow (#2874)

* add pending users api

* insert user to pending users on first time oauth login

* add pending user check on headless login

* fix conflicting apis

* no records error

* add allowed email domains for oauth signup to config

* check if user is allowed to signup
Abhishek K
2024-04-03 11:20:19 +05:30
committed by GitHub
parent 3152c678e0
commit 0d4552db5e
15 changed files with 361 additions and 29 deletions


@@ -75,7 +75,7 @@ func InitializeAuthProvider() string {
if functions == nil {
return ""
}
var _, err = fetchPassValue(logic.RandomString(64))
var _, err = FetchPassValue(logic.RandomString(64))
if err != nil {
logger.Log(0, err.Error())
return ""
@@ -156,7 +156,7 @@ func HandleAuthLogin(w http.ResponseWriter, r *http.Request) {
// IsOauthUser - returns
func IsOauthUser(user *models.User) error {
var currentValue, err = fetchPassValue("")
var currentValue, err = FetchPassValue("")
if err != nil {
return err
}
@@ -246,7 +246,7 @@ func addUser(email string) error {
slog.Error("error checking for existence of admin user during OAuth login for", "email", email, "error", err)
return err
} // generate random password to adapt to current model
var newPass, fetchErr = fetchPassValue("")
var newPass, fetchErr = FetchPassValue("")
if fetchErr != nil {
return fetchErr
}
@@ -272,7 +272,7 @@ func addUser(email string) error {
return nil
}
func fetchPassValue(newValue string) (string, error) {
func FetchPassValue(newValue string) (string, error) {
type valueHolder struct {
Value string `json:"value" bson:"value"`
@@ -334,3 +334,23 @@ func isStateCached(state string) bool {
_, err := netcache.Get(state)
return err == nil || strings.Contains(err.Error(), "expired")
}
// isEmailAllowed - checks if email is allowed to signup
func isEmailAllowed(email string) bool {
allowedDomains := servercfg.GetAllowedEmailDomains()
domains := strings.Split(allowedDomains, ",")
if len(domains) == 1 && domains[0] == "*" {
return true
}
emailParts := strings.Split(email, "@")
if len(emailParts) < 2 {
return false
}
baseDomainOfEmail := emailParts[1]
for _, domain := range domains {
if domain == baseDomainOfEmail {
return true
}
}
return false
}
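Review bot: In `isEmailAllowed` the domain is read as `emailParts[1]` after `strings.Split(email, "@")`, so an address with more than one `@` is matched on its middle segment instead of the part after the last `@`, and an address outside the allowlist can pass the sign-up check. The comparison is also exact: a configured entry with surrounding spaces or different letter case never matches, and an empty configured value splits into a single empty entry that equals the domain of an address ending in `@`. Taking the domain with `strings.LastIndex`, trimming each entry, skipping empty ones and comparing with `strings.EqualFold` closes these gaps. A table-driven test covering those inputs would pin the behaviour.

```go
	// … unchanged: allowed-domain lookup, split on "," and "*" wildcard check …
	at := strings.LastIndex(email, "@")
	if at <= 0 || at == len(email)-1 {
		// no local part or no domain part: never eligible for sign-up
		return false
	}
	emailDomain := email[at+1:]
	for _, domain := range domains {
		domain = strings.TrimSpace(domain)
		if domain != "" && strings.EqualFold(domain, emailDomain) {
			return true
		}
	}
	// … unchanged: return false …
```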