dex/connector/gitlab/gitlab.go

// Package gitlab provides authentication strategies using Gitlab.
package gitlab

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"io/ioutil"
	"net/http"
	"strconv"

	"golang.org/x/oauth2"

	"github.com/dexidp/dex/connector"
	"github.com/dexidp/dex/pkg/groups"
	"github.com/dexidp/dex/pkg/log"
)

const (
	// read operations of the /api/v4/user endpoint
	scopeUser = "read_user"
	// used to retrieve groups from /oauth/userinfo
	// https://docs.gitlab.com/ee/integration/openid_connect_provider.html
	scopeOpenID = "openid"
)

// Config holds configuration options for gitlab logins.
type Config struct {
	BaseURL      string   `json:"baseURL"`
	ClientID     string   `json:"clientID"`
	ClientSecret string   `json:"clientSecret"`
	RedirectURI  string   `json:"redirectURI"`
	Groups       []string `json:"groups"`
	UseLoginAsID bool     `json:"useLoginAsID"`
}

type gitlabUser struct {
	ID       int
	Name     string
	Username string
	State    string
	Email    string
	IsAdmin  bool
}

// Open returns a strategy for logging in through GitLab.
func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {
	if c.BaseURL == "" {
		c.BaseURL = "https://gitlab.com"
	}
	return &gitlabConnector{
		baseURL:      c.BaseURL,
		redirectURI:  c.RedirectURI,
		clientID:     c.ClientID,
		clientSecret: c.ClientSecret,
		logger:       logger,
		groups:       c.Groups,
		useLoginAsID: c.UseLoginAsID,
	}, nil
}

type connectorData struct {
	// GitLab's OAuth2 tokens never expire. We don't need a refresh token.
	AccessToken string `json:"accessToken"`
}

var (
	_ connector.CallbackConnector = (*gitlabConnector)(nil)
	_ connector.RefreshConnector  = (*gitlabConnector)(nil)
)

type gitlabConnector struct {
	baseURL      string
	redirectURI  string
	groups       []string
	clientID     string
	clientSecret string
	logger       log.Logger
	httpClient   *http.Client
	// if set to true will use the user's handle rather than their numeric id as the ID
	useLoginAsID bool
}

func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
	gitlabScopes := []string{scopeUser}
	if c.groupsRequired(scopes.Groups) {
		gitlabScopes = []string{scopeUser, scopeOpenID}
	}

	gitlabEndpoint := oauth2.Endpoint{AuthURL: c.baseURL + "/oauth/authorize", TokenURL: c.baseURL + "/oauth/token"}
	return &oauth2.Config{
		ClientID:     c.clientID,
		ClientSecret: c.clientSecret,
		Endpoint:     gitlabEndpoint,
		Scopes:       gitlabScopes,
		RedirectURL:  c.redirectURI,
	}
}

func (c *gitlabConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) {
	if c.redirectURI != callbackURL {
		return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", c.redirectURI, callbackURL)
	}
	return c.oauth2Config(scopes).AuthCodeURL(state), nil
}

type oauth2Error struct {
	error            string
	errorDescription string
}

func (e *oauth2Error) Error() string {
	if e.errorDescription == "" {
		return e.error
	}
	return e.error + ": " + e.errorDescription
}

func (c *gitlabConnector) HandleCallback(s connector.Scopes, r *http.Request) (identity connector.Identity, err error) {
	q := r.URL.Query()
	if errType := q.Get("error"); errType != "" {
		return identity, &oauth2Error{errType, q.Get("error_description")}
	}

	oauth2Config := c.oauth2Config(s)

	ctx := r.Context()
	if c.httpClient != nil {
		ctx = context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient)
	}

	token, err := oauth2Config.Exchange(ctx, q.Get("code"))
	if err != nil {
		return identity, fmt.Errorf("gitlab: failed to get token: %v", err)
	}

	client := oauth2Config.Client(ctx, token)

	user, err := c.user(ctx, client)
	if err != nil {
		return identity, fmt.Errorf("gitlab: get user: %v", err)
	}

	username := user.Name
	if username == "" {
		username = user.Email
	}
	identity = connector.Identity{
		UserID:            strconv.Itoa(user.ID),
		Username:          username,
		PreferredUsername: user.Username,
		Email:             user.Email,
		EmailVerified:     true,
	}
	if c.useLoginAsID {
		identity.UserID = user.Username
	}

	if c.groupsRequired(s.Groups) {
		groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
		if err != nil {
			return identity, fmt.Errorf("gitlab: get groups: %v", err)
		}
		identity.Groups = groups
	}

	if s.OfflineAccess {
		data := connectorData{AccessToken: token.AccessToken}
		connData, err := json.Marshal(data)
		if err != nil {
			return identity, fmt.Errorf("marshal connector data: %v", err)
		}
		identity.ConnectorData = connData
	}

	return identity, nil
}

func (c *gitlabConnector) Refresh(ctx context.Context, s connector.Scopes, ident connector.Identity) (connector.Identity, error) {
	if len(ident.ConnectorData) == 0 {
		return ident, errors.New("no upstream access token found")
	}

	var data connectorData
	if err := json.Unmarshal(ident.ConnectorData, &data); err != nil {
		return ident, fmt.Errorf("gitlab: unmarshal access token: %v", err)
	}

	client := c.oauth2Config(s).Client(ctx, &oauth2.Token{AccessToken: data.AccessToken})
	user, err := c.user(ctx, client)
	if err != nil {
		return ident, fmt.Errorf("gitlab: get user: %v", err)
	}

	username := user.Name
	if username == "" {
		username = user.Email
	}
	ident.Username = username
	ident.PreferredUsername = user.Username
	ident.Email = user.Email

	if c.groupsRequired(s.Groups) {
		groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
		if err != nil {
			return ident, fmt.Errorf("gitlab: get groups: %v", err)
		}
		ident.Groups = groups
	}
	return ident, nil
}

func (c *gitlabConnector) groupsRequired(groupScope bool) bool {
	return len(c.groups) > 0 || groupScope
}

// user queries the GitLab API for profile information using the provided client. The HTTP
// client is expected to be constructed by the golang.org/x/oauth2 package, which inserts
// a bearer token as part of the request.
func (c *gitlabConnector) user(ctx context.Context, client *http.Client) (gitlabUser, error) {
	var u gitlabUser
	req, err := http.NewRequest("GET", c.baseURL+"/api/v4/user", nil)
	if err != nil {
		return u, fmt.Errorf("gitlab: new req: %v", err)
	}
	req = req.WithContext(ctx)
	resp, err := client.Do(req)
	if err != nil {
		return u, fmt.Errorf("gitlab: get URL %v", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			return u, fmt.Errorf("gitlab: read body: %v", err)
		}
		return u, fmt.Errorf("%s: %s", resp.Status, body)
	}

	if err := json.NewDecoder(resp.Body).Decode(&u); err != nil {
		return u, fmt.Errorf("failed to decode response: %v", err)
	}
	return u, nil
}

type userInfo struct {
	Groups []string
}

// userGroups queries the GitLab API for group membership.
//
// The HTTP passed client is expected to be constructed by the golang.org/x/oauth2 package,
// which inserts a bearer token as part of the request.
func (c *gitlabConnector) userGroups(ctx context.Context, client *http.Client) ([]string, error) {
	req, err := http.NewRequest("GET", c.baseURL+"/oauth/userinfo", nil)
	if err != nil {
		return nil, fmt.Errorf("gitlab: new req: %v", err)
	}
	req = req.WithContext(ctx)
	resp, err := client.Do(req)
	if err != nil {
		return nil, fmt.Errorf("gitlab: get URL %v", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		body, err := ioutil.ReadAll(resp.Body)
		if err != nil {
			return nil, fmt.Errorf("gitlab: read body: %v", err)
		}
		return nil, fmt.Errorf("%s: %s", resp.Status, body)
	}
	var u userInfo
	if err := json.NewDecoder(resp.Body).Decode(&u); err != nil {
		return nil, fmt.Errorf("failed to decode response: %v", err)
	}

	return u.Groups, nil
}

func (c *gitlabConnector) getGroups(ctx context.Context, client *http.Client, groupScope bool, userLogin string) ([]string, error) {
	gitlabGroups, err := c.userGroups(ctx, client)
	if err != nil {
		return nil, err
	}

	if len(c.groups) > 0 {
		filteredGroups := groups.Filter(gitlabGroups, c.groups)
		if len(filteredGroups) == 0 {
			return nil, fmt.Errorf("gitlab: user %q is not in any of the required groups", userLogin)
		}
		return filteredGroups, nil
	} else if groupScope {
		return gitlabGroups, nil
	}

	return nil, nil
}
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`// Package gitlab provides authentication strategies using Gitlab.`
			`package gitlab`

			`import (`
*: update go-oidc and use standard library's context package 2017-03-08 18:33:19 +00:00			`"context"`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`"encoding/json"`
			`"errors"`
			`"fmt"`
			`"io/ioutil"`
			`"net/http"`
			`"strconv"`

			`"golang.org/x/oauth2"`
*: github.com/coreos/dex -> github.com/dexidp/dex Signed-off-by: Stephan Renatus <srenatus@chef.io> 2018-09-03 06:44:44 +00:00
			`"github.com/dexidp/dex/connector"`
connectors: refactor filter code into a helper package I hope I didn't miss any :D Signed-off-by: Stephan Renatus <srenatus@chef.io> 2019-07-03 08:40:31 +00:00			`"github.com/dexidp/dex/pkg/groups"`
Add logger interface and stop relying on Logrus directly 2019-02-22 12:19:23 +00:00			`"github.com/dexidp/dex/pkg/log"`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`)`

			`const (`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`// read operations of the /api/v4/user endpoint`
connector/gitlab: correct scope strings, better default 2017-08-15 21:47:45 +00:00			`scopeUser = "read_user"`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`// used to retrieve groups from /oauth/userinfo`
			`// https://docs.gitlab.com/ee/integration/openid_connect_provider.html`
			`scopeOpenID = "openid"`
connector/gitlab: Fix regexp in Link parser 2017-09-28 13:43:42 +00:00			`)`

Update gitlab.go fix typo 2020-01-16 03:26:57 +00:00			`// Config holds configuration options for gitlab logins.`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`type Config struct {`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			BaseURL string `json:"baseURL"`
			ClientID string `json:"clientID"`
			ClientSecret string `json:"clientSecret"`
			RedirectURI string `json:"redirectURI"`
			Groups []string `json:"groups"`
connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-26 10:35:35 +00:00			UseLoginAsID bool `json:"useLoginAsID"`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`

			`type gitlabUser struct {`
			`ID int`
			`Name string`
			`Username string`
			`State string`
			`Email string`
			`IsAdmin bool`
			`}`

			`// Open returns a strategy for logging in through GitLab.`
Add logger interface and stop relying on Logrus directly 2019-02-22 12:19:23 +00:00			`func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) {`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`if c.BaseURL == "" {`
fix default baseURL for gitlab connector 2018-08-28 17:05:30 +00:00			`c.BaseURL = "https://gitlab.com"`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`
			`return &gitlabConnector{`
			`baseURL: c.BaseURL,`
			`redirectURI: c.RedirectURI,`
			`clientID: c.ClientID,`
			`clientSecret: c.ClientSecret,`
			`logger: logger,`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`groups: c.Groups,`
connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-26 10:35:35 +00:00			`useLoginAsID: c.UseLoginAsID,`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}, nil`
			`}`

			`type connectorData struct {`
			`// GitLab's OAuth2 tokens never expire. We don't need a refresh token.`
			AccessToken string `json:"accessToken"`
			`}`

			`var (`
			`_ connector.CallbackConnector = (*gitlabConnector)(nil)`
			`_ connector.RefreshConnector = (*gitlabConnector)(nil)`
			`)`

			`type gitlabConnector struct {`
			`baseURL string`
			`redirectURI string`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`groups []string`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`clientID string`
			`clientSecret string`
Add logger interface and stop relying on Logrus directly 2019-02-22 12:19:23 +00:00			`logger log.Logger`
gitlab: add tests 2019-05-01 18:13:44 +00:00			`httpClient *http.Client`
connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-26 10:35:35 +00:00			`// if set to true will use the user's handle rather than their numeric id as the ID`
			`useLoginAsID bool`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`

			`func (c gitlabConnector) oauth2Config(scopes connector.Scopes) oauth2.Config {`
connector/gitlab: correct scope strings, better default 2017-08-15 21:47:45 +00:00			`gitlabScopes := []string{scopeUser}`
gitlab: add groups scope by default when filtering is requested 2019-08-14 11:33:46 +00:00			`if c.groupsRequired(scopes.Groups) {`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`gitlabScopes = []string{scopeUser, scopeOpenID}`
connector/gitlab: correct scope strings, better default 2017-08-15 21:47:45 +00:00			`}`

connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`gitlabEndpoint := oauth2.Endpoint{AuthURL: c.baseURL + "/oauth/authorize", TokenURL: c.baseURL + "/oauth/token"}`
			`return &oauth2.Config{`
			`ClientID: c.clientID,`
			`ClientSecret: c.clientSecret,`
			`Endpoint: gitlabEndpoint,`
			`Scopes: gitlabScopes,`
			`RedirectURL: c.redirectURI,`
			`}`
			`}`

			`func (c *gitlabConnector) LoginURL(scopes connector.Scopes, callbackURL, state string) (string, error) {`
			`if c.redirectURI != callbackURL {`
			`return "", fmt.Errorf("expected callback URL %q did not match the URL in the config %q", c.redirectURI, callbackURL)`
			`}`
			`return c.oauth2Config(scopes).AuthCodeURL(state), nil`
			`}`

			`type oauth2Error struct {`
			`error string`
			`errorDescription string`
			`}`

			`func (e *oauth2Error) Error() string {`
			`if e.errorDescription == "" {`
			`return e.error`
			`}`
			`return e.error + ": " + e.errorDescription`
			`}`

			`func (c gitlabConnector) HandleCallback(s connector.Scopes, r http.Request) (identity connector.Identity, err error) {`
			`q := r.URL.Query()`
			`if errType := q.Get("error"); errType != "" {`
			`return identity, &oauth2Error{errType, q.Get("error_description")}`
			`}`

			`oauth2Config := c.oauth2Config(s)`
gitlab: add tests 2019-05-01 18:13:44 +00:00
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`ctx := r.Context()`
gitlab: add tests 2019-05-01 18:13:44 +00:00			`if c.httpClient != nil {`
			`ctx = context.WithValue(r.Context(), oauth2.HTTPClient, c.httpClient)`
			`}`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00
			`token, err := oauth2Config.Exchange(ctx, q.Get("code"))`
			`if err != nil {`
			`return identity, fmt.Errorf("gitlab: failed to get token: %v", err)`
			`}`

			`client := oauth2Config.Client(ctx, token)`

			`user, err := c.user(ctx, client)`
			`if err != nil {`
			`return identity, fmt.Errorf("gitlab: get user: %v", err)`
			`}`

			`username := user.Name`
			`if username == "" {`
			`username = user.Email`
			`}`
			`identity = connector.Identity{`
add preffered_username to idToken Signed-off-by: Nandor Kracser <bonifaido@gmail.com> 2019-10-10 14:43:41 +00:00			`UserID: strconv.Itoa(user.ID),`
			`Username: username,`
			`PreferredUsername: user.Username,`
			`Email: user.Email,`
			`EmailVerified: true,`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`
connector/gitlab: implement useLoginAsID as in GitHub connector 2019-07-26 10:35:35 +00:00			`if c.useLoginAsID {`
			`identity.UserID = user.Username`
			`}`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00
gitlab: add groups scope by default when filtering is requested 2019-08-14 11:33:46 +00:00			`if c.groupsRequired(s.Groups) {`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`groups, err := c.getGroups(ctx, client, s.Groups, user.Username)`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`if err != nil {`
			`return identity, fmt.Errorf("gitlab: get groups: %v", err)`
			`}`
			`identity.Groups = groups`
			`}`

			`if s.OfflineAccess {`
			`data := connectorData{AccessToken: token.AccessToken}`
			`connData, err := json.Marshal(data)`
			`if err != nil {`
			`return identity, fmt.Errorf("marshal connector data: %v", err)`
			`}`
			`identity.ConnectorData = connData`
			`}`

			`return identity, nil`
			`}`

			`func (c *gitlabConnector) Refresh(ctx context.Context, s connector.Scopes, ident connector.Identity) (connector.Identity, error) {`
			`if len(ident.ConnectorData) == 0 {`
			`return ident, errors.New("no upstream access token found")`
			`}`

			`var data connectorData`
			`if err := json.Unmarshal(ident.ConnectorData, &data); err != nil {`
			`return ident, fmt.Errorf("gitlab: unmarshal access token: %v", err)`
			`}`

			`client := c.oauth2Config(s).Client(ctx, &oauth2.Token{AccessToken: data.AccessToken})`
			`user, err := c.user(ctx, client)`
			`if err != nil {`
			`return ident, fmt.Errorf("gitlab: get user: %v", err)`
			`}`

			`username := user.Name`
			`if username == "" {`
			`username = user.Email`
			`}`
			`ident.Username = username`
add preffered_username to idToken Signed-off-by: Nandor Kracser <bonifaido@gmail.com> 2019-10-10 14:43:41 +00:00			`ident.PreferredUsername = user.Username`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`ident.Email = user.Email`

gitlab: add groups scope by default when filtering is requested 2019-08-14 11:33:46 +00:00			`if c.groupsRequired(s.Groups) {`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`groups, err := c.getGroups(ctx, client, s.Groups, user.Username)`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`if err != nil {`
			`return ident, fmt.Errorf("gitlab: get groups: %v", err)`
			`}`
			`ident.Groups = groups`
			`}`
			`return ident, nil`
			`}`

gitlab: add groups scope by default when filtering is requested 2019-08-14 11:33:46 +00:00			`func (c *gitlabConnector) groupsRequired(groupScope bool) bool {`
			`return len(c.groups) > 0 \|\| groupScope`
			`}`

connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`// user queries the GitLab API for profile information using the provided client. The HTTP`
			`// client is expected to be constructed by the golang.org/x/oauth2 package, which inserts`
			`// a bearer token as part of the request.`
			`func (c gitlabConnector) user(ctx context.Context, client http.Client) (gitlabUser, error) {`
			`var u gitlabUser`
connector/gitlab: correct scope strings, better default 2017-08-15 21:47:45 +00:00			`req, err := http.NewRequest("GET", c.baseURL+"/api/v4/user", nil)`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`if err != nil {`
			`return u, fmt.Errorf("gitlab: new req: %v", err)`
			`}`
			`req = req.WithContext(ctx)`
			`resp, err := client.Do(req)`
			`if err != nil {`
			`return u, fmt.Errorf("gitlab: get URL %v", err)`
			`}`
			`defer resp.Body.Close()`

			`if resp.StatusCode != http.StatusOK {`
			`body, err := ioutil.ReadAll(resp.Body)`
			`if err != nil {`
			`return u, fmt.Errorf("gitlab: read body: %v", err)`
			`}`
			`return u, fmt.Errorf("%s: %s", resp.Status, body)`
			`}`

			`if err := json.NewDecoder(resp.Body).Decode(&u); err != nil {`
			`return u, fmt.Errorf("failed to decode response: %v", err)`
			`}`
			`return u, nil`
			`}`

gitlab: add tests 2019-05-01 18:13:44 +00:00			`type userInfo struct {`
			`Groups []string`
			`}`

gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`// userGroups queries the GitLab API for group membership.`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`//`
			`// The HTTP passed client is expected to be constructed by the golang.org/x/oauth2 package,`
			`// which inserts a bearer token as part of the request.`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`func (c gitlabConnector) userGroups(ctx context.Context, client http.Client) ([]string, error) {`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`req, err := http.NewRequest("GET", c.baseURL+"/oauth/userinfo", nil)`
			`if err != nil {`
			`return nil, fmt.Errorf("gitlab: new req: %v", err)`
connector/gitlab: Fix regexp in Link parser 2017-09-28 13:43:42 +00:00			`}`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`req = req.WithContext(ctx)`
			`resp, err := client.Do(req)`
			`if err != nil {`
			`return nil, fmt.Errorf("gitlab: get URL %v", err)`
			`}`
			`defer resp.Body.Close()`
connector/gitlab: Fix regexp in Link parser 2017-09-28 13:43:42 +00:00
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`if resp.StatusCode != http.StatusOK {`
			`body, err := ioutil.ReadAll(resp.Body)`
			`if err != nil {`
			`return nil, fmt.Errorf("gitlab: read body: %v", err)`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`return nil, fmt.Errorf("%s: %s", resp.Status, body)`
connector/gitlab: Fix regexp in Link parser 2017-09-28 13:43:42 +00:00			`}`
gitlab: add tests 2019-05-01 18:13:44 +00:00			`var u userInfo`
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`if err := json.NewDecoder(resp.Body).Decode(&u); err != nil {`
			`return nil, fmt.Errorf("failed to decode response: %v", err)`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`
connector/gitlab: Fix regexp in Link parser 2017-09-28 13:43:42 +00:00
gypsydiver/1347-pr-gitlab-groups 2018-11-20 10:18:50 +00:00			`return u.Groups, nil`
connector: add GitLab connector 2017-01-24 17:56:52 +00:00			`}`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00
			`func (c gitlabConnector) getGroups(ctx context.Context, client http.Client, groupScope bool, userLogin string) ([]string, error) {`
			`gitlabGroups, err := c.userGroups(ctx, client)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if len(c.groups) > 0 {`
connectors: refactor filter code into a helper package I hope I didn't miss any :D Signed-off-by: Stephan Renatus <srenatus@chef.io> 2019-07-03 08:40:31 +00:00			`filteredGroups := groups.Filter(gitlabGroups, c.groups)`
gitlab: support for group whitelist 2019-04-25 10:47:01 +00:00			`if len(filteredGroups) == 0 {`
			`return nil, fmt.Errorf("gitlab: user %q is not in any of the required groups", userLogin)`
			`}`
			`return filteredGroups, nil`
			`} else if groupScope {`
			`return gitlabGroups, nil`
			`}`

			`return nil, nil`
			`}`