empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 17:05:18 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
fe9cdb7017
fleet/server/service/service_users.go
Roberto Dip 05ddeade90
add back-end implementation for SSO JIT provisioning (#7182) 
Related to #7053, this uses the SSO config added in #7140 to enable JIT provisioning for premium instances.
2022-08-15 14:42:33 -03:00

48 lines
1.3 KiB
Go
Raw Blame History

package service
import (
"context"
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
"github.com/fleetdm/fleet/v4/server/fleet"
"github.com/fleetdm/fleet/v4/server/ptr"
)
func (svc *Service) CreateInitialUser(ctx context.Context, p fleet.UserPayload) (*fleet.User, error) {
// skipauth: Only the initial user creation should be allowed to skip
// authorization (because there is not yet a user context to check against).
svc.authz.SkipAuthorization(ctx)
setupRequired, err := svc.SetupRequired(ctx)
if err != nil {
return nil, err
}
if !setupRequired {
return nil, ctxerr.New(ctx, "a user already exists")
}
// Initial user should be global admin with no explicit teams
p.GlobalRole = ptr.String(fleet.RoleAdmin)
p.Teams = nil
return svc.NewUser(ctx, p)
}
func (svc *Service) NewUser(ctx context.Context, p fleet.UserPayload) (*fleet.User, error) {
user, err := p.User(svc.config.Auth.SaltKeySize, svc.config.Auth.BcryptCost)
if err != nil {
return nil, err
}
user, err = svc.ds.NewUser(ctx, user)
if err != nil {
return nil, err
}
return user, nil
}
func (svc *Service) UserUnauthorized(ctx context.Context, id uint) (*fleet.User, error) {
// Explicitly no authorization check. Should only be used by middleware.
return svc.ds.UserByID(ctx, id)
}
Reference in New Issue View Git Blame Copy Permalink