Commit fbbb3cc2 authored by Joe Bowers's avatar Joe Bowers

server: all authorizations fail for disabled users

parent ffabe03b
...@@ -182,7 +182,7 @@ func TestGetUser(t *testing.T) { ...@@ -182,7 +182,7 @@ func TestGetUser(t *testing.T) {
id: "ID-1", id: "ID-1",
token: userBadTokenDisabled, token: userBadTokenDisabled,
errCode: http.StatusUnauthorized, // TODO test with custom err before merge errCode: http.StatusUnauthorized,
}, { }, {
id: "ID-1", id: "ID-1",
......
...@@ -200,10 +200,6 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) { ...@@ -200,10 +200,6 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) {
return api.Creds{}, err return api.Creds{}, err
} }
if usr.Disabled {
return api.Creds{}, api.ErrorUnauthorized
}
isAdmin, err := s.cir.IsDexAdmin(clientID) isAdmin, err := s.cir.IsDexAdmin(clientID)
if err != nil { if err != nil {
log.Errorf("userMgmtServer: GetCreds err: %q", err) log.Errorf("userMgmtServer: GetCreds err: %q", err)
......
...@@ -197,7 +197,7 @@ func (u *UsersAPI) ListUsers(creds Creds, maxResults int, nextPageToken string) ...@@ -197,7 +197,7 @@ func (u *UsersAPI) ListUsers(creds Creds, maxResults int, nextPageToken string)
} }
func (u *UsersAPI) Authorize(creds Creds) bool { func (u *UsersAPI) Authorize(creds Creds) bool {
return creds.User.Admin return creds.User.Admin && !creds.User.Disabled
} }
func userToSchemaUser(usr user.User) schema.User { func userToSchemaUser(usr user.User) schema.User {
......
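Review bot: `Authorize` is now the only visible gate that rejects a disabled account, because the `if usr.Disabled` early return was removed from `getCreds` in the preceding section of this commit. Any handler that uses the returned `api.Creds` without calling `Authorize` would accept a disabled user's token; whether such a path exists cannot be seen from these hunks. The method has no doc comment stating that contract, so I would add `// Authorize reports whether creds belong to an admin user that is not disabled; every UsersAPI entry point must call it before acting on creds.` above it. In what is shown, the `userBadTokenDisabled` case in `TestGetUser` covers a single endpoint, so a disabled-admin case for `ListUsers` and any other entry points would pin the behaviour the commit title promises.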