Can grant a client to all users
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
parent
412eaf2bff
commit
d27c542e1f
@ -18,6 +18,8 @@ You can configure a list of clients (Relying Parties) in a `clients.yaml` file w
|
||||
redirect_uri: https://mygit.mywebsite.com/
|
||||
# If you want new accounts to be granted access to this client by default
|
||||
default: true
|
||||
# If you want the client to be granted to every users, regardless their account configuration
|
||||
granted_to_all_users: true
|
||||
```
|
||||
|
||||
On the first run, BasicOIDC will create a new administrator with credentials `admin` / `admin`. On first login you will have to change these default credentials.
|
||||
|
@ -235,7 +235,13 @@ pub async fn users_route(
|
||||
|
||||
pub async fn create_user(admin: CurrentUser, clients: web::Data<ClientManager>) -> impl Responder {
|
||||
let mut user = User::default();
|
||||
user.authorized_clients = Some(clients.get_default_clients().iter().map(|u| u.id.clone()).collect());
|
||||
user.authorized_clients = Some(
|
||||
clients
|
||||
.get_default_clients()
|
||||
.iter()
|
||||
.map(|u| u.id.clone())
|
||||
.collect(),
|
||||
);
|
||||
|
||||
HttpResponse::Ok().body(
|
||||
EditUserTemplate {
|
||||
|
@ -164,7 +164,7 @@ pub async fn authorize(
|
||||
};
|
||||
|
||||
// Check if user is authorized to access the application
|
||||
if !user.can_access_app(&client.id) {
|
||||
if !user.can_access_app(&client) {
|
||||
return error_redirect(
|
||||
&query,
|
||||
"invalid_request",
|
||||
|
@ -24,6 +24,10 @@ pub struct Client {
|
||||
/// Specify if the client must be allowed by default for new account
|
||||
#[serde(default = "bool::default")]
|
||||
pub default: bool,
|
||||
|
||||
/// Specify whether a client is granted to all users
|
||||
#[serde(default = "bool::default")]
|
||||
pub granted_to_all_users: bool,
|
||||
}
|
||||
|
||||
impl PartialEq for Client {
|
||||
|
@ -2,7 +2,7 @@ use std::collections::HashMap;
|
||||
use std::net::IpAddr;
|
||||
|
||||
use crate::constants::SECOND_FACTOR_EXEMPTION_AFTER_SUCCESSFUL_LOGIN;
|
||||
use crate::data::client::ClientID;
|
||||
use crate::data::client::{Client, ClientID};
|
||||
use crate::data::login_redirect::LoginRedirect;
|
||||
use crate::data::totp_key::TotpKey;
|
||||
use crate::data::webauthn_manager::WebauthnPubKey;
|
||||
@ -170,10 +170,14 @@ impl User {
|
||||
}
|
||||
}
|
||||
|
||||
pub fn can_access_app(&self, id: &ClientID) -> bool {
|
||||
pub fn can_access_app(&self, client: &Client) -> bool {
|
||||
if client.granted_to_all_users {
|
||||
return true;
|
||||
}
|
||||
|
||||
match self.granted_clients() {
|
||||
GrantedClients::AllClients => true,
|
||||
GrantedClients::SomeClients(c) => c.contains(id),
|
||||
GrantedClients::SomeClients(c) => c.contains(&client.id),
|
||||
GrantedClients::NoClient => false,
|
||||
}
|
||||
}
|
||||
|
@ -144,7 +144,7 @@
|
||||
<div class="form-check">
|
||||
<input id="client-{{ c.id.0 }}" class="form-check-input authorize_client_checkbox" type="checkbox"
|
||||
data-id="{{ c.id.0 }}"
|
||||
{% if u.can_access_app(c.id) %} checked="" {% endif %}>
|
||||
{% if u.can_access_app(c) %} checked="" {% endif %}>
|
||||
<label class="form-check-label" for="client-{{ c.id.0 }}">
|
||||
{{ c.name }}
|
||||
</label>
|
||||
|
Loading…
Reference in New Issue
Block a user