public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Note legacy areas to refactor away from `groupValidator`

This commit is contained in:
Nick Meves 2020-11-08 14:01:50 -08:00
parent b9661cb6fe
commit d7fa979060
No known key found for this signature in database
GPG Key ID: 93BA8A3CEDCDD1CF
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
providers/google.go
View File

@ -180,6 +180,11 @@ func (p *GoogleProvider) Redeem(ctx context.Context, redirectURL, code string) (
// EnrichSessionState checks the listed Google Groups configured and adds any
// that the user is a member of to session.Groups.
func (p *GoogleProvider) EnrichSessionState(ctx context.Context, s *sessions.SessionState) error {
// TODO (@NickMeves) - Move to pure EnrichSessionState logic and stop
// reusing legacy `groupValidator`.
//
// This is called here to get the validator to do the `session.Groups`
// populating logic.
p.groupValidator(s)
return nil
@ -273,6 +278,9 @@ func (p *GoogleProvider) RefreshSessionIfNeeded(ctx context.Context, s *sessions
return false, err
}
// TODO (@NickMeves) - Align Group authorization needs with other providers'
// behavior in the `RefreshSession` case.
//
// re-check that the user is in the proper google group(s)
if !p.groupValidator(s) {
return false, fmt.Errorf("%s is no longer in the group(s)", s.Email)