feat: assign users to teams via OIDC claims #1393
|
@ -214,15 +214,12 @@ func HandleCallback(c echo.Context) error {
|
|||
return handler.HandleHTTPError(err, c)
|
||||
}
|
||||
|
||||
viehlieb marked this conversation as resolved
Outdated
|
||||
//TODO: fix this error check
|
||||
// nil is no problem
|
||||
|
||||
//find old teams for user through oidc
|
||||
oldOidcTeams, _ := models.FindAllOidcTeamIDsForUser(s, u.ID)
|
||||
viehlieb marked this conversation as resolved
Outdated
konrad
commented
Please don't call this "Sign out". That's a different thing.
|
||||
var oidcTeams []int64
|
||||
if len(teamData) > 0 {
|
||||
//find old teams for user through oidc
|
||||
oldOidcTeams, _ := models.FindAllOidcTeamIDsForUser(s, u.ID)
|
||||
// check if we have seen these teams before.
|
||||
// find or create Teams and assign user as teammember.
|
||||
var oidcTeams []int64
|
||||
log.Debugf("TeamData is set %v", teamData)
|
||||
teams, err := GetOrCreateTeamsByOIDCAndNames(s, teamData, u)
|
||||
konrad marked this conversation as resolved
Outdated
konrad
commented
Doing this every time a user logs in probably has performance implications but that's a problem to care about when we'll hit it in the wild.
viehlieb
commented
only if it has teamIDsToLeave, but yeah I agree.
The problem is more the oidc structure itself, that you "have" to check for changes "every time" you sign in.
|
||||
if err != nil {
|
||||
|
@ -242,8 +239,8 @@ func HandleCallback(c echo.Context) error {
|
|||
}
|
||||
oidcTeams = append(oidcTeams, team.ID)
|
||||
}
|
||||
SignOutFromOrDeleteTeamsByID(s, u, notIn(oldOidcTeams, oidcTeams))
|
||||
}
|
||||
SignOutFromOrDeleteTeamsByID(s, u, notIn(oldOidcTeams, oidcTeams))
|
||||
err = s.Commit()
|
||||
if err != nil {
|
||||
_ = s.Rollback()
|
||||
|
@ -345,12 +342,6 @@ func GetOrCreateTeamsByOIDCAndNames(s *xorm.Session, teamData []TeamData, u *use
|
|||
return te, err
|
||||
}
|
||||
|
||||
// assign user to team
|
||||
// remove user from team if not in group
|
||||
// if multiple teams found with same name -> do nothing
|
||||
// optional: assign by id
|
||||
//
|
||||
|
||||
func getOrCreateUser(s *xorm.Session, cl *claims, issuer, subject string) (u *user.User, err error) {
|
||||
|
||||
// Check if the user exists for that issuer and subject
|
||||
|
|
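Review bot: Removal from stale OIDC-managed teams appears to run only when the token carries team data. Going by the hunk line counts, the new side of HandleCallback has both the `FindAllOidcTeamIDsForUser` lookup and the `SignOutFromOrDeleteTeamsByID(s, u, notIn(oldOidcTeams, oidcTeams))` call inside `if len(teamData) > 0 {`; the +/- markers are lost on this page, so this reading needs confirming. If it is right, a user whose team claim becomes empty at the identity provider keeps every team previously assigned through OIDC, so access revoked upstream stays in place here. Consider separating "claim absent or not configured" from "claim present but empty" and running the cleanup in the second case, documented with a comment such as `// an empty team claim removes the user from all OIDC-managed teams`. HandleCallback starts and ends outside the visible hunks.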
Please don't ignore the error.