mirror of
https://github.com/1f349/lavender.git
synced 2024-12-22 07:34:06 +00:00
Add domain ownership info
This commit is contained in:
parent
6f16ea6690
commit
8a364b59ac
@ -12,6 +12,7 @@ type Conf struct {
|
||||
Issuer string `json:"issuer"`
|
||||
SsoServices []issuer.SsoConfig `json:"sso_services"`
|
||||
AllowedClients []AllowedClient `json:"allowed_clients"`
|
||||
Ownership DomainOwnership `json:"ownership"`
|
||||
}
|
||||
|
||||
type AllowedClient struct {
|
||||
|
@ -129,13 +129,16 @@ func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ h
|
||||
return
|
||||
}
|
||||
|
||||
var needsMailFlag bool
|
||||
var needsMailFlag, needsDomains bool
|
||||
|
||||
ps := claims.NewPermStorage()
|
||||
for _, i := range v.target.Permissions {
|
||||
if strings.HasPrefix(i, "dynamic:") {
|
||||
if i == "dynamic:mail-client" {
|
||||
switch i {
|
||||
case "dynamic:mail-client":
|
||||
needsMailFlag = true
|
||||
case "dynamic:domain-owns":
|
||||
needsDomains = true
|
||||
}
|
||||
} else {
|
||||
ps.Set(i)
|
||||
@ -162,6 +165,13 @@ func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ h
|
||||
}
|
||||
}
|
||||
|
||||
if needsDomains {
|
||||
a := h.conf.Ownership.AllOwns(sub + "@" + v.sso.Config.Namespace)
|
||||
for _, i := range a {
|
||||
ps.Set("domain:owns=" + i)
|
||||
}
|
||||
}
|
||||
|
||||
noEmailSupport:
|
||||
nsSub := sub + "@" + v.sso.Config.Namespace
|
||||
ati := uuidNewStringAti()
|
||||
|
17
server/owners.go
Normal file
17
server/owners.go
Normal file
@ -0,0 +1,17 @@
|
||||
package server
|
||||
|
||||
// DomainOwnership is the structure for storing if a user owns a domain
|
||||
type DomainOwnership map[string][]string
|
||||
|
||||
func (d DomainOwnership) AllOwns(user string) []string {
|
||||
return d[user]
|
||||
}
|
||||
|
||||
func (d DomainOwnership) Owns(user, domain string) bool {
|
||||
for _, i := range d[user] {
|
||||
if i == domain {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
Loading…
Reference in New Issue
Block a user