mirror of
https://github.com/1f349/lavender.git
synced 2024-12-22 15:44:07 +00:00
Add domain ownership info
parent
6f16ea6690
commit
8a364b59ac
@ -12,6 +12,7 @@ type Conf struct {
|
|||||||
Issuer string `json:"issuer"`
|
Issuer string `json:"issuer"`
|
||||||
SsoServices []issuer.SsoConfig `json:"sso_services"`
|
SsoServices []issuer.SsoConfig `json:"sso_services"`
|
||||||
AllowedClients []AllowedClient `json:"allowed_clients"`
|
AllowedClients []AllowedClient `json:"allowed_clients"`
|
||||||
|
Ownership DomainOwnership `json:"ownership"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type AllowedClient struct {
|
type AllowedClient struct {
|
||||||
|
@ -129,13 +129,16 @@ func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ h
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var needsMailFlag bool
|
var needsMailFlag, needsDomains bool
|
||||||
|
|
||||||
ps := claims.NewPermStorage()
|
ps := claims.NewPermStorage()
|
||||||
for _, i := range v.target.Permissions {
|
for _, i := range v.target.Permissions {
|
||||||
if strings.HasPrefix(i, "dynamic:") {
|
if strings.HasPrefix(i, "dynamic:") {
|
||||||
if i == "dynamic:mail-client" {
|
switch i {
|
||||||
|
case "dynamic:mail-client":
|
||||||
needsMailFlag = true
|
needsMailFlag = true
|
||||||
|
case "dynamic:domain-owns":
|
||||||
|
needsDomains = true
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ps.Set(i)
|
ps.Set(i)
|
||||||
@ -162,6 +165,13 @@ func (h *HttpServer) flowCallback(rw http.ResponseWriter, req *http.Request, _ h
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if needsDomains {
|
||||||
|
a := h.conf.Ownership.AllOwns(sub + "@" + v.sso.Config.Namespace)
|
||||||
|
for _, i := range a {
|
||||||
|
ps.Set("domain:owns=" + i)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
noEmailSupport:
|
noEmailSupport:
|
||||||
nsSub := sub + "@" + v.sso.Config.Namespace
|
nsSub := sub + "@" + v.sso.Config.Namespace
|
||||||
ati := uuidNewStringAti()
|
ati := uuidNewStringAti()
|
||||||
|
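Review bot: The new `if needsDomains` block sits above the `noEmailSupport:` label, so any path that reaches the label by `goto` (presumably earlier in flowCallback, outside the hunks shown) skips it, and the token is issued without `domain:owns=` permissions even though `dynamic:domain-owns` was requested. That fails closed, but it ties domain ownership to the outcome of the mail lookup, which looks unintended. The block also builds its lookup key from its own copy of `sub + "@" + v.sso.Config.Namespace`, the same expression assigned to `nsSub` just below; moving the block under that assignment and calling `h.conf.Ownership.AllOwns(nsSub)` would fix both and keep the authorization key identical to the namespaced subject used afterwards. If `sub` or the namespace can contain `@`, two distinct identities could produce the same key, so confirm what the SSO providers can return there. flowCallback begins and ends outside these hunks.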
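--- a/server/owners.go
+++ b/server/owners.go
@@ -0,0 +1,17 @@
+package server
+
+// DomainOwnership is the structure for storing if a user owns a domain
+type DomainOwnership map[string][]string
+
+func (d DomainOwnership) AllOwns(user string) []string {
+return d[user]
+}
+
+func (d DomainOwnership) Owns(user, domain string) bool {
+for _, i := range d[user] {
+if i == domain {
+return true
+}
+}
+return false
+}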
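Review bot: The type comment does not say what the map key is, yet the only caller in this commit looks entries up with `sub + "@" + v.sso.Config.Namespace`, so the key format is an authorization contract that should be written down, for example `// DomainOwnership maps a namespaced subject ("<sub>@<namespace>") to the domains that subject owns.` The exported methods `AllOwns` and `Owns` have no doc comments; they should state that matching is an exact, case-sensitive string comparison, so a configured `Example.com` (constructed example) will not match `example.com`. `AllOwns` also returns the slice stored in the map, so a caller that modifies the result modifies the loaded configuration; returning a copy, or documenting the result as read-only, avoids that.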