Merge pull request #1486 from Bugagazavr/gitlab-group-verify
GitLab allowed groups for login
commit
35b9c0ff9a
3 changed files with 77 additions and 20 deletions
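--- a/remote/gitlab/client/groups.go
+++ b/remote/gitlab/client/groups.go
@@ -0,0 +1,53 @@
+package client
+
+import (
+"encoding/json"
+"strconv"
+)
+
+const (
+groupsUrl = "/groups"
+)
+
+// Get a list of all projects owned by the authenticated user.
+func (g *Client) AllGroups() ([]*Namespace, error) {
+var perPage = 100
+var groups []*Namespace
+
+for i := 1; true; i++ {
+contents, err := g.Groups(i, perPage)
+if err != nil {
+return groups, err
+}
+
+for _, value := range contents {
+groups = append(groups, value)
+}
+
+if len(groups) == 0 {
+break
+}
+
+if len(groups)/i < perPage {
+break
+}
+}
+
+return groups, nil
+}
+
+func (g *Client) Groups(page, perPage int) ([]*Namespace, error) {
+url, opaque := g.ResourceUrl(groupsUrl, nil, QMap{
+"page": strconv.Itoa(page),
+"per_page": strconv.Itoa(perPage),
+})
+
+var groups []*Namespace
+
+contents, err := g.Do("GET", url, opaque, nil)
+if err == nil {
+err = json.Unmarshal(contents, &groups)
+}
+
+return groups, err
+}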
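Review bot: The loop in `AllGroups` infers the last page from an average, `len(groups)/i < perPage`, and puts no upper bound on `i`; testing the page that was just fetched, `if len(contents) < perPage { break }`, states the condition directly, and a page cap would stop a server that always returns full pages from holding the caller in the loop. Because the login check elsewhere in this commit consumes this list, it is also worth returning `nil` instead of the partial `groups` slice when `g.Groups` fails, so a truncated list cannot be taken for a complete one. The doc comment above `AllGroups` speaks of projects owned by the user; `// AllGroups returns every group the /groups endpoint lists for the authenticated client, fetching 100 per page.` matches the code, and `Groups` would benefit from a one-line comment as well.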
|
@ -55,6 +55,7 @@ type Project struct {
|
|||
type Namespace struct {
|
||||
Id int `json:"id,omitempty"`
|
||||
Name string `json:"name,omitempty"`
|
||||
Path string `json:"path,omitempty"`
|
||||
}
|
||||
|
||||
type Person struct {
|
||||
|
|
|
@ -103,6 +103,28 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
|
|||
if err != nil {
|
||||
return nil, false, err
|
||||
}
|
||||
|
||||
if len(g.AllowedOrgs) != 0 {
|
||||
groups, err := client.AllGroups()
|
||||
if err != nil {
|
||||
return nil, false, fmt.Errorf("Could not check org membership. %s", err)
|
||||
}
|
||||
|
||||
var member bool
|
||||
for _, group := range groups {
|
||||
for _, allowedOrg := range g.AllowedOrgs {
|
||||
if group.Path == allowedOrg {
|
||||
member = true
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !member {
|
||||
return nil, false, fmt.Errorf("User does not belong to correct group. Must belong to %v", g.AllowedOrgs)
|
||||
}
|
||||
}
|
||||
|
||||
user := &model.User{}
|
||||
user.Login = login.Username
|
||||
user.Email = login.Email
|
||||
|
@ -115,7 +137,7 @@ func (g *Gitlab) Login(res http.ResponseWriter, req *http.Request) (*model.User,
|
|||
user.Avatar = g.URL + "/" + login.AvatarUrl
|
||||
}
|
||||
|
||||
return user, true, nil
|
||||
return user, g.Open, nil
|
||||
}
|
||||
|
||||
func (g *Gitlab) Auth(token, secret string) (string, error) {
|
||||
|
@ -456,25 +478,6 @@ func (g *Gitlab) Oauth2Transport(r *http.Request) *oauth2.Transport {
|
|||
}
|
||||
}
|
||||
|
||||
// Accessor method, to allowed remote organizations field.
|
||||
func (g *Gitlab) GetOrgs() []string {
|
||||
return g.AllowedOrgs
|
||||
}
|
||||
|
||||
// Accessor method, to open field.
|
||||
func (g *Gitlab) GetOpen() bool {
|
||||
return g.Open
|
||||
}
|
||||
|
||||
// return default scope for GitHub
|
||||
func (g *Gitlab) Scope() string {
|
||||
return DefaultScope
|
||||
}
|
||||
|
||||
func (g *Gitlab) String() string {
|
||||
return "gitlab"
|
||||
}
|
||||
|
||||
const (
|
||||
StatusPending = "pending"
|
||||
StatusRunning = "running"
|
||||
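Review bot: The group gate added in the first hunk of `Login` is only as strong as what `client.AllGroups()` returns, and that function lists `/groups` with no membership filter, so its semantics should be confirmed for the supported GitLab versions: if the endpoint can list groups that are merely visible to the token (public groups, or every group for an administrator) rather than groups the user belongs to, `group.Path == allowedOrg` would admit non-members. `Path` is also the short path segment, so wherever GitLab allows nested groups two different groups can share it; comparing on a unique value such as the full path or the numeric id avoids that, though the `Namespace` struct shown on this page would need the extra field. The denial error formats `g.AllowedOrgs` into its message, which reveals the configured allow-list to a rejected user if that text is shown to them; a fixed message, with the list logged server-side, is safer. The inner `break` leaves only the inner loop, so the outer loop keeps scanning after a match; `Login` begins and ends outside these hunks.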
|
|