gitlab: add groups scope by default when filtering is requested
This commit is contained in:
parent
aeb2861a40
commit
ef08ad8317
@ -84,7 +84,7 @@ type gitlabConnector struct {
|
|||||||
|
|
||||||
func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
|
func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
|
||||||
gitlabScopes := []string{scopeUser}
|
gitlabScopes := []string{scopeUser}
|
||||||
if scopes.Groups {
|
if c.groupsRequired(scopes.Groups) {
|
||||||
gitlabScopes = []string{scopeUser, scopeOpenID}
|
gitlabScopes = []string{scopeUser, scopeOpenID}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -156,7 +156,7 @@ func (c *gitlabConnector) HandleCallback(s connector.Scopes, r *http.Request) (i
|
|||||||
identity.UserID = user.Username
|
identity.UserID = user.Username
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.Groups {
|
if c.groupsRequired(s.Groups) {
|
||||||
groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
|
groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return identity, fmt.Errorf("gitlab: get groups: %v", err)
|
return identity, fmt.Errorf("gitlab: get groups: %v", err)
|
||||||
@ -199,7 +199,7 @@ func (c *gitlabConnector) Refresh(ctx context.Context, s connector.Scopes, ident
|
|||||||
ident.Username = username
|
ident.Username = username
|
||||||
ident.Email = user.Email
|
ident.Email = user.Email
|
||||||
|
|
||||||
if s.Groups {
|
if c.groupsRequired(s.Groups) {
|
||||||
groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
|
groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return ident, fmt.Errorf("gitlab: get groups: %v", err)
|
return ident, fmt.Errorf("gitlab: get groups: %v", err)
|
||||||
@ -209,6 +209,10 @@ func (c *gitlabConnector) Refresh(ctx context.Context, s connector.Scopes, ident
|
|||||||
return ident, nil
|
return ident, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *gitlabConnector) groupsRequired(groupScope bool) bool {
|
||||||
|
return len(c.groups) > 0 || groupScope
|
||||||
|
}
|
||||||
|
|
||||||
// user queries the GitLab API for profile information using the provided client. The HTTP
|
// user queries the GitLab API for profile information using the provided client. The HTTP
|
||||||
// client is expected to be constructed by the golang.org/x/oauth2 package, which inserts
|
// client is expected to be constructed by the golang.org/x/oauth2 package, which inserts
|
||||||
// a bearer token as part of the request.
|
// a bearer token as part of the request.
|
||||||
|
Reference in New Issue
Block a user