diff options
| author | KN4CK3R <admin@oldschoolhack.me> | 2023-02-08 07:44:42 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-02-08 14:44:42 +0800 |
| commit | e8186f1c0f194ce3f63bed9a564002b80c0859c9 (patch) | |
| tree | 75ffc50f54af2ef441ecf60448531b9e0ed64490 /cmd/admin.go | |
| parent | 2c6cc0b8c982b3d49a5b208f75e15b2269584312 (diff) | |
| download | gitea-e8186f1c0f194ce3f63bed9a564002b80c0859c9.tar.gz gitea-e8186f1c0f194ce3f63bed9a564002b80c0859c9.zip | |
Map OIDC groups to Orgs/Teams (#21441)
Fixes #19555
Test-Instructions:
https://github.com/go-gitea/gitea/pull/21441#issuecomment-1419438000
This PR implements the mapping of user groups provided by OIDC providers
to orgs teams in Gitea. The main part is a refactoring of the existing
LDAP code to make it usable from different providers.
Refactorings:
- Moved the router auth code from module to service because of import
cycles
- Changed some model methods to take a `Context` parameter
- Moved the mapping code from LDAP to a common location
I've tested it with Keycloak but other providers should work too. The
JSON mapping format is the same as for LDAP.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'cmd/admin.go')
| -rw-r--r-- | cmd/admin.go | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/cmd/admin.go b/cmd/admin.go index 4e2dc2bf06..318c212d08 100644 --- a/cmd/admin.go +++ b/cmd/admin.go @@ -372,6 +372,15 @@ var ( Value: "", Usage: "Group Claim value for restricted users", }, + cli.StringFlag{ + Name: "group-team-map", + Value: "", + Usage: "JSON mapping between groups and org teams", + }, + cli.BoolFlag{ + Name: "group-team-map-removal", + Usage: "Activate automatic team membership removal depending on groups", + }, } microcmdAuthUpdateOauth = cli.Command{ @@ -853,6 +862,8 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source { GroupClaimName: c.String("group-claim-name"), AdminGroup: c.String("admin-group"), RestrictedGroup: c.String("restricted-group"), + GroupTeamMap: c.String("group-team-map"), + GroupTeamMapRemoval: c.Bool("group-team-map-removal"), } } @@ -935,6 +946,12 @@ func runUpdateOauth(c *cli.Context) error { if c.IsSet("restricted-group") { oAuth2Config.RestrictedGroup = c.String("restricted-group") } + if c.IsSet("group-team-map") { + oAuth2Config.GroupTeamMap = c.String("group-team-map") + } + if c.IsSet("group-team-map-removal") { + oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal") + } // update custom URL mapping customURLMapping := &oauth2.CustomURLMapping{} |