empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-07 09:18:59 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8c18446762
fleet/ee/server/service/users.go
Roberto Dip cd2ab6b17c
add server side validation for emails (#8022) 
related to https://github.com/fleetdm/fleet/issues/7199, this adds email validation to the `verifyCreateShared` which is used for user creation in the server.

validation messages come directly from Go's `net/mail` package.

```
~/fleet $ curl 'https://localhost:8080/api/latest/fleet/users/admin' -X POST -H 'Authorization: Bearer $TOKEN' --data-raw '{"email":"asdf","name":"asdf@asd.com","password":"as;lkdfjasdlk;fja3234@","global_role":"observer","teams":[]}'
{
  "message": "Validation Failed",
  "errors": [
    {
      "name": "email",
      "reason": "mail: missing '@' or angle-addr"
    }
  ]
}
```
2022-10-03 13:29:01 -03:00

67 lines
1.6 KiB
Go
Raw Blame History

package service
import (
"context"
"errors"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
)
// GetSSOUser is the premium implementation of svc.GetSSOUser, it allows to
// create users during the SSO flow the first time they log in if
// config.SSOSettings.EnableJITProvisioning is `true`
func (svc *Service) GetSSOUser(ctx context.Context, auth fleet.Auth) (*fleet.User, error) {
config, err := svc.ds.AppConfig(ctx)
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "getting app config")
}
// despite the fact that svc.NewUser will also validate the
// email, we do it here to avoid hitting the database early if
// the email happens to be invalid.
if err := fleet.ValidateEmail(auth.UserID()); err != nil {
return nil, ctxerr.New(ctx, "validating SSO response")
}
user, err := svc.Service.GetSSOUser(ctx, auth)
var nfe fleet.NotFoundError
switch {
case err == nil:
return user, nil
case errors.As(err, &nfe):
if !config.SSOSettings.EnableJITProvisioning {
return nil, err
}
default:
return nil, err
}
displayName := auth.UserDisplayName()
if displayName == "" {
displayName = auth.UserID()
}
user, err = svc.Service.NewUser(ctx, fleet.UserPayload{
Name: &displayName,
Email: ptr.String(auth.UserID()),
SSOEnabled: ptr.Bool(true),
GlobalRole: ptr.String(fleet.RoleObserver),
})
if err != nil {
return nil, ctxerr.Wrap(ctx, err, "creating new SSO user")
}
err = svc.ds.NewActivity(
ctx,
user,
fleet.ActivityTypeUserAddedBySSO,
&map[string]interface{}{},
)
if err != nil {
return nil, err
}
return user, nil
}
Reference in New Issue View Git Blame Copy Permalink