From 5d5ea971c7a9ef4e91939879140841d940c7b68e Mon Sep 17 00:00:00 2001
From: viehlieb
Date: Wed, 6 Dec 2023 14:43:56 +0100
Subject: [PATCH] tiny changes in openid.go, revert error.go, link to docs
---
 config.yml.sample | 4 ++--
 pkg/models/error.go | 2 +-
 pkg/modules/auth/openid/openid.go | 18 ++++++++----------
 3 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/config.yml.sample b/config.yml.sample
index ac0a3c8b58..f81eb0b03a 100644
--- a/config.yml.sample
+++ b/config.yml.sample
@@ -203,7 +203,7 @@ ratelimit:
 # Possible values are "keyvalue", "memory" or "redis".
 # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
 store: keyvalue
- # The number of requests a user can make from the same IP to all unauthenticated routes (login, register,
+ # The number of requests a user can make from the same IP to all unauthenticated routes (login, register,
 # password confirmation, email verification, password reset request) per minute. This limit cannot be disabled.
 # You should only change this if you know what you're doing.
 noauthlimit: 10
@@ -326,7 +326,7 @@ auth:
 # The client secret used to authenticate Vikunja at the OpenID Connect provider.
 clientsecret:
 # The scope necessary to use oidc.
- # If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://kolaente.dev/vikunja/api/src/branch/main/pkg/modules/auth/openid/openid.md)
+ # If you want to use the Feature to create and assign to vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/)
 # e.g. scope: openid email profile vikunja_scope
 scope: openid email profile
diff --git a/pkg/models/error.go b/pkg/models/error.go
index 94de840e8e..2e31a6e58b 100644
--- a/pkg/models/error.go
+++ b/pkg/models/error.go
@@ -1081,7 +1081,7 @@ func (err ErrTeamDoesNotExist) HTTPError() web.HTTPError {
 return web.HTTPError{HTTPCode: http.StatusNotFound, Code: ErrCodeTeamDoesNotExist, Message: "This team does not exist."}
 }
-// ErrTeamAlreadyHasAccess represents an error where a team already has access to a list/namespace
+// ErrTeamAlreadyHasAccess represents an error where a team already has access to a project
 type ErrTeamAlreadyHasAccess struct {
 TeamID int64
 ID int64
diff --git a/pkg/modules/auth/openid/openid.go b/pkg/modules/auth/openid/openid.go
index 5f37f5c528..1f80445cca 100644
--- a/pkg/modules/auth/openid/openid.go
+++ b/pkg/modules/auth/openid/openid.go
@@ -286,13 +286,8 @@ func RemoveUserFromTeamsByIds(s *xorm.Session, u *user.User, teamIDs []int64) (e
 return nil
 }
- strSlice := make([]string, len(teamIDs))
- for i, num := range teamIDs {
- strSlice[i] = strconv.FormatInt(num, 10)
- }
-
- log.Debugf("Removing team_member with user_id %v from team_ids %v", u.ID, strings.Join(strSlice, ","))
- _, err = s.Where("team_id IN (?) AND user_id = ?", strings.Join(strSlice, ","), u.ID).Delete(&models.TeamMember{})
+ log.Debugf("Removing team_member with user_id %v from team_ids %v", u.ID, teamIDs)
+ _, err = s.In("team_id", teamIDs).And("user_id = ?", u.ID).Delete(&models.TeamMember{})
 return err
 }
@@ -303,13 +298,16 @@ func getTeamDataFromToken(groups []map[string]interface{}, provider *Provider) (
 var name string
 var description string
 var oidcID string
- if team["name"] != nil {
+ _, exists := team["name"]
+ if exists {
 name = team["name"].(string)
 }
- if team["description"] != nil {
+ _, exists = team["description"]
+ if exists {
 description = team["description"].(string)
 }
- if team["oidcID"] != nil {
+ _, exists = team["oidcID"]
+ if exists {
 switch t := team["oidcID"].(type) {
 case int64:
 oidcID = strconv.FormatInt(team["oidcID"].(int64), 10)
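Review bot: In getTeamDataFromToken the new `_, exists := team["name"]` check only tests that the key is present, so a group entry carrying `"name": null` now reaches the unchecked `team["name"].(string)` assertion and panics. The removed `!= nil` test covered that null case, and a non-string value panics under either version. The same applies to `description`. Judging by the function's name these maps are built from the provider's token claims, so the values should be treated as externally supplied and read with the comma-ok form, e.g. `if v, ok := team["name"].(string); ok { name = v }`, and likewise for `description`. The function body starts before the hunk and the `oidcID` type switch continues past its end, so whether that switch handles unexpected types cannot be confirmed from here.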