From fbbb3cc2dfc817e086a1f6e0399bce46f73ecf26 Mon Sep 17 00:00:00 2001
From: Joe Bowers
Date: Fri, 25 Sep 2015 17:29:59 -0700
Subject: [PATCH] server: all authorizations fail for disabled users
---
 integration/user_api_test.go | 2 +-
 server/user.go | 4 ----
 user/api/api.go | 2 +-
 3 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/integration/user_api_test.go b/integration/user_api_test.go
index 6ed8f8da..6d18c857 100644
--- a/integration/user_api_test.go
+++ b/integration/user_api_test.go
@@ -182,7 +182,7 @@ func TestGetUser(t *testing.T) {
 id: "ID-1",
 token: userBadTokenDisabled,
- errCode: http.StatusUnauthorized, // TODO test with custom err before merge
+ errCode: http.StatusUnauthorized,
 },
 {
 id: "ID-1",
diff --git a/server/user.go b/server/user.go
index a57ca769..64ce05d0 100644
--- a/server/user.go
+++ b/server/user.go
@@ -200,10 +200,6 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) {
 return api.Creds{}, err
 }
- if usr.Disabled {
- return api.Creds{}, api.ErrorUnauthorized
- }
-
 isAdmin, err := s.cir.IsDexAdmin(clientID)
 if err != nil {
 log.Errorf("userMgmtServer: GetCreds err: %q", err)
diff --git a/user/api/api.go b/user/api/api.go
index cfc94ae3..2c072811 100644
--- a/user/api/api.go
+++ b/user/api/api.go
@@ -197,7 +197,7 @@ func (u *UsersAPI) ListUsers(creds Creds, maxResults int, nextPageToken string)
 }
 func (u *UsersAPI) Authorize(creds Creds) bool {
- return creds.User.Admin
+ return creds.User.Admin && !creds.User.Disabled
 }
 func userToSchemaUser(usr user.User) schema.User {
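Review bot: `Authorize` in user/api/api.go becomes the only place a disabled account is turned away, because the server/user.go hunk drops the `usr.Disabled` early return from getCreds; any code path that obtains Creds without calling Authorize would then serve a disabled user, and the hunks shown do not establish that every UsersAPI method makes that call. The method is also undocumented, and I would add `// Authorize reports whether creds may use the users API: the user must be an admin and must not be disabled.` so that a later edit does not weaken the check unknowingly. The integration change touches only the disabled-token row in TestGetUser; a row with a disabled user's token for each of the other endpoints would pin the invariant. getCreds starts and ends outside its hunk, so its other callers cannot be checked from here.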