Merge pull request #127 from LalitDeore/admin2

fix autoprovisining of users
Shuffle · Dec 20, 2024 · 23112a0 · 23112a0
2 parents 15ad3b3 + 092c297
commit 23112a0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/shared.go b/shared.go
@@ -11806,6 +11806,10 @@ func HandleEditOrg(resp http.ResponseWriter, request *http.Request) {
 		org.SSOConfig = tmpData.SSOConfig
 	}
 
+	if tmpData.SSOConfig.AutoProvision != org.SSOConfig.AutoProvision {
+		org.SSOConfig.AutoProvision = tmpData.SSOConfig.AutoProvision
+	}
+
 	if (tmpData.SSOConfig.OpenIdClientId != org.SSOConfig.OpenIdClientId) || (tmpData.SSOConfig.OpenIdAuthorization != org.SSOConfig.OpenIdAuthorization) {
 		org.SSOConfig = tmpData.SSOConfig
 	}
@@ -19327,6 +19331,14 @@ func HandleOpenId(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
+	//Don't create user if auto-provisioning is disabled
+	if org.SSOConfig.AutoProvision {
+		log.Printf("[INFO] Auto-provisioning is disable for id: %s", org.Id)
+		resp.WriteHeader(401)
+		resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Auto-provisioning is disabled for this organization. Please ask your administrator to enable it."}`)))
+		return
+	}
+
 	log.Printf("[AUDIT] Adding user %s to org %s (%s) through single sign-on", userName, org.Name, org.Id)
 	newUser := new(User)
 	// Random password to ensure its not empty
@@ -19856,6 +19868,14 @@ func HandleSSO(resp http.ResponseWriter, request *http.Request) {
 		return
 	}
 
+	//Don't create user if auto-provisioning is disabled
+	if foundOrg.SSOConfig.AutoProvision {
+		log.Printf("[INFO] Auto-provisioning is disable for id: %s", foundOrg.Id)
+		resp.WriteHeader(401)
+		resp.Write([]byte(fmt.Sprintf(`{"success": false, "reason": "Auto-provisioning is disabled for this organization. Please ask your administrator to enable it."}`)))
+		return
+	}
+
 	log.Printf("[AUDIT] Adding user %s to org %s (%s) through single sign-on", userName, foundOrg.Name, foundOrg.Id)
 	newUser := new(User)
 	// Random password to ensure its not empty

diff --git a/structs.go b/structs.go
@@ -2739,6 +2739,7 @@ type SSOConfig struct {
 	OpenIdAuthorization string `json:"openid_authorization" datastore:"openid_authorization"`
 	OpenIdToken         string `json:"openid_token" datastore:"openid_token"`
 	SSORequired         bool   `json:"SSORequired" datastore:"SSORequired"`
+	AutoProvision       bool   `json:"auto_provision" datastore:"auto_provision"`
 }
 
 type SamlRequest struct {