Auto-create users after external auth when enable-user-on-auth is on
This commit is contained in:
parent
c79fc0c19e
commit
ca2d666056
@ -185,6 +185,9 @@ The following directives are supported:
|
|||||||
This can be used together with _disable-inactive-user_ to seamlessly
|
This can be used together with _disable-inactive-user_ to seamlessly
|
||||||
disable and re-enable users during lengthy inactivity.
|
disable and re-enable users during lengthy inactivity.
|
||||||
|
|
||||||
|
When external authentication is used (e.g. _auth oauth2_), bouncer users
|
||||||
|
are automatically created after successfull authentication.
|
||||||
|
|
||||||
*auth* <driver> ...
|
*auth* <driver> ...
|
||||||
Set the authentication method. By default, internal authentication is used.
|
Set the authentication method. By default, internal authentication is used.
|
||||||
|
|
||||||
|
@ -1260,6 +1260,20 @@ func unmarshalUsername(rawUsername string) (username, client, network string) {
|
|||||||
|
|
||||||
func (dc *downstreamConn) setUser(username, clientName, networkName string) error {
|
func (dc *downstreamConn) setUser(username, clientName, networkName string) error {
|
||||||
dc.user = dc.srv.getUser(username)
|
dc.user = dc.srv.getUser(username)
|
||||||
|
if dc.user == nil && dc.user.srv.Config().EnableUsersOnAuth {
|
||||||
|
ctx := context.TODO()
|
||||||
|
if _, err := dc.user.srv.db.GetUser(ctx, username); err != nil {
|
||||||
|
// Can't find the user in the DB -- try to create it
|
||||||
|
record := database.User{
|
||||||
|
Username: username,
|
||||||
|
Enabled: true,
|
||||||
|
}
|
||||||
|
dc.user, err = dc.user.srv.createUser(ctx, &record)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to automatically create user %q after successful authentication: %v", username, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if dc.user == nil {
|
if dc.user == nil {
|
||||||
return fmt.Errorf("user exists in the DB but hasn't been loaded by the bouncer -- a restart may help")
|
return fmt.Errorf("user exists in the DB but hasn't been loaded by the bouncer -- a restart may help")
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user