Diffstat (limited to 'internal')
-rw-r--r-- | internal/api/auth/callback.go | 9 | ||||
-rw-r--r-- | internal/config/config.go | 1 | ||||
-rw-r--r-- | internal/config/helpers.gen.go | 25 |
3 files changed, 33 insertions, 2 deletions
diff --git a/internal/api/auth/callback.go b/internal/api/auth/callback.go
index bef7b013f..5f0425dea 100644
--- a/internal/api/auth/callback.go
+++ b/internal/api/auth/callback.go
@@ -284,10 +284,15 @@ func (m *Module) createUserFromOIDC(ctx context.Context, claims *oidc.Claims, ex
 }
 // check if the user is in any recognised admin groups
+ adminGroups := config.GetOIDCAdminGroups()
 var admin bool
+LOOP:
 for _, g := range claims.Groups {
- if strings.EqualFold(g, "admin") || strings.EqualFold(g, "admins") {
- admin = true
+ for _, ag := range adminGroups {
+ if strings.EqualFold(g, ag) {
+ admin = true
+ break LOOP
+ }
 }
 }
diff --git a/internal/config/config.go b/internal/config/config.go
index 1dea90788..5673b76dd 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -122,6 +122,7 @@ type Configuration struct {
 OIDCClientSecret string `name:"oidc-client-secret" usage:"ClientSecret of GoToSocial, as registered with the OIDC provider."`
 OIDCScopes []string `name:"oidc-scopes" usage:"OIDC scopes."`
 OIDCLinkExisting bool `name:"oidc-link-existing" usage:"link existing user accounts to OIDC logins based on the stored email value"`
+ OIDCAdminGroups []string `name:"oidc-admin-groups" usage:"Membership of one of the listed groups makes someone a GtS admin"`
 SMTPHost string `name:"smtp-host" usage:"Host of the smtp server. Eg., 'smtp.eu.mailgun.org'"`
 SMTPPort int `name:"smtp-port" usage:"Port of the smtp server. Eg., 587"`
diff --git a/internal/config/helpers.gen.go b/internal/config/helpers.gen.go
index 1a4c14a82..41c56a571 100644
--- a/internal/config/helpers.gen.go
+++ b/internal/config/helpers.gen.go
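Review bot: In internal/api/auth/callback.go the admin decision in the new inner loop still uses `strings.EqualFold(g, ag)`, which applies Unicode case folding to operator-configured group names; if the identity provider treats group names as case-sensitive, a distinct group that differs only by case (or by a fold-equivalent character) would also map to instance admin. For a privilege grant an exact comparison is the safer default, `if g == ag {`, or the case-insensitive match should at least be stated in the `oidc-admin-groups` usage text. An empty entry in the configured list would match an empty group claim, so skipping `ag == ""` is worth considering. createUserFromOIDC begins and ends outside this hunk, so whether the flag is re-evaluated on later logins cannot be judged from here.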
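Review bot: The usage string for `OIDCAdminGroups` in internal/config/config.go does not say what happens when the option is unset, and no default is added in the three files shown, so with an empty list the loop in callback.go never sets `admin` and the previously hard-coded `admin`/`admins` groups presumably stop granting the role. That fails closed, but operators who relied on the old behaviour need to be told. Suggested text: `usage:"Groups in the OIDC groups claim whose members become GtS admins (matched case-insensitively); if empty, no one is made admin via OIDC."` The Configuration struct starts and ends outside this hunk.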
@@ -1724,6 +1724,31 @@ func GetOIDCLinkExisting() bool { return global.GetOIDCLinkExisting() } // SetOIDCLinkExisting safely sets the value for global configuration 'OIDCLinkExisting' field func SetOIDCLinkExisting(v bool) { global.SetOIDCLinkExisting(v) } +// GetOIDCAdminGroups safely fetches the Configuration value for state's 'OIDCAdminGroups' field +func (st *ConfigState) GetOIDCAdminGroups() (v []string) { + st.mutex.Lock() + v = st.config.OIDCAdminGroups + st.mutex.Unlock() + return +} + +// SetOIDCAdminGroups safely sets the Configuration value for state's 'OIDCAdminGroups' field +func (st *ConfigState) SetOIDCAdminGroups(v []string) { + st.mutex.Lock() + defer st.mutex.Unlock() + st.config.OIDCAdminGroups = v + st.reloadToViper() +} + +// OIDCAdminGroupsFlag returns the flag name for the 'OIDCAdminGroups' field +func OIDCAdminGroupsFlag() string { return "oidc-admin-groups" } + +// GetOIDCAdminGroups safely fetches the value for global configuration 'OIDCAdminGroups' field +func GetOIDCAdminGroups() []string { return global.GetOIDCAdminGroups() } + +// SetOIDCAdminGroups safely sets the value for global configuration 'OIDCAdminGroups' field +func SetOIDCAdminGroups(v []string) { global.SetOIDCAdminGroups(v) } + // GetSMTPHost safely fetches the Configuration value for state's 'SMTPHost' field func (st *ConfigState) GetSMTPHost() (v string) { st.mutex.Lock() |