Auto-create users after external auth when enable-user-on-auth is on

Simon Ser 2023-01-26 20:28:59 +01:00
parent c79fc0c19e
commit ca2d666056
2 changed files with 17 additions and 0 deletions


@ -185,6 +185,9 @@ The following directives are supported:
This can be used together with _disable-inactive-user_ to seamlessly This can be used together with _disable-inactive-user_ to seamlessly
disable and re-enable users during lengthy inactivity. disable and re-enable users during lengthy inactivity.
When external authentication is used (e.g. _auth oauth2_), bouncer users
are automatically created after successfull authentication.
*auth* <driver> ... *auth* <driver> ...
Set the authentication method. By default, internal authentication is used. Set the authentication method. By default, internal authentication is used.


@ -1260,6 +1260,20 @@ func unmarshalUsername(rawUsername string) (username, client, network string) {
func (dc *downstreamConn) setUser(username, clientName, networkName string) error { func (dc *downstreamConn) setUser(username, clientName, networkName string) error {
dc.user = dc.srv.getUser(username) dc.user = dc.srv.getUser(username)
if dc.user == nil && dc.user.srv.Config().EnableUsersOnAuth {
ctx := context.TODO()
if _, err := dc.user.srv.db.GetUser(ctx, username); err != nil {
// Can't find the user in the DB -- try to create it
record := database.User{
Username: username,
Enabled: true,
}
dc.user, err = dc.user.srv.createUser(ctx, &record)
if err != nil {
return fmt.Errorf("failed to automatically create user %q after successful authentication: %v", username, err)
}
}
}
if dc.user == nil { if dc.user == nil {
return fmt.Errorf("user exists in the DB but hasn't been loaded by the bouncer -- a restart may help") return fmt.Errorf("user exists in the DB but hasn't been loaded by the bouncer -- a restart may help")
} }
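Review bot: The added guard `if dc.user == nil && dc.user.srv.Config().EnableUsersOnAuth` reads `dc.user.srv` exactly when `dc.user` is nil, so a successful external login for a user that is not loaded will panic instead of creating the account. The `GetUser` and `createUser` calls inside the branch go through the same nil pointer. All three should use the connection's own server handle, as the line above already does: `if dc.user == nil && dc.srv.Config().EnableUsersOnAuth {`, `dc.srv.db.GetUser(ctx, username)` and `dc.user, err = dc.srv.createUser(ctx, &record)`. Separately, every `GetUser` error is treated as "user not found", so a transient database failure also triggers account creation; it would be safer to create only on the database's not-found error and return any other error. The body of `setUser` continues past the end of this hunk.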