Commit 97020c65 authored by Rémi PAILHAREY's avatar Rémi PAILHAREY :fork_knife_plate:

feat(oauth2): check if the connected user has the correct role

parent 6eb63808
3 merge requests!14feat: addprices + subject managment,!11feat: Add partners issue info,!8Feat/filter user group
......@@ -121,10 +121,22 @@ func (m Manager) HandleOAuth2Callback() http.Handler {
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
// Trim the user roles in case they come from LDAP
for key, role := range user.Roles {
user.Roles[key] = strings.TrimPrefix(strings.Split(role, ",")[0], "CN=")
}
// Check if user has the correct role
err = checkUserHasRole(TokenData{User: user}, []string{AdminRole})
if err != nil {
// Log the connexion attempt
log.Printf("| %v (%v %v) | Login failed (Unauthorized user) | %v", user.Login, user.Name, user.Surname, req.RemoteAddr)
http.Redirect(w, r, "/", http.StatusFound)
return
}
// Store the user in cookie
// Generate
xsrfToken, err := common.GenerateRandomString(16)
......
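Review bot: The role normalisation `user.Roles[key] = strings.TrimPrefix(strings.Split(role, ",")[0], "CN=")` keeps only the first RDN of an LDAP DN, so the `checkUserHasRole` call that follows compares bare common names and would accept any group whose CN equals `AdminRole`, whatever its OU or domain; the `CN=` match is also case-sensitive, and a comma escaped inside a CN cuts the name short. Comparing the full DN against a configured admin-group DN would make the decision unambiguous; at minimum a comment should state that the OU/DC part is deliberately ignored. In the failure branch, `user.Login`, `user.Name` and `user.Surname` come from the identity provider and are logged with `%v`, so a value containing a newline can forge log entries; `log.Printf("| %q (%q %q) | Login failed (Unauthorized user) | %v", user.Login, user.Name, user.Surname, req.RemoteAddr)` avoids that. The same line reads `req.RemoteAddr` while the redirect uses `r`; if `req` is an outbound request built earlier in the handler, its `RemoteAddr` would be empty and the client address should come from `r`. The handler body starts and continues outside the hunk, so the `req` point needs checking against the full function.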