server: all authorizations fail for disabled users
parent
ffabe03bc0
commit
fbbb3cc2df
3 changed files with 2 additions and 6 deletions
|
@ -182,7 +182,7 @@ func TestGetUser(t *testing.T) {
|
||||||
id: "ID-1",
|
id: "ID-1",
|
||||||
|
|
||||||
token: userBadTokenDisabled,
|
token: userBadTokenDisabled,
|
||||||
errCode: http.StatusUnauthorized, // TODO test with custom err before merge
|
errCode: http.StatusUnauthorized,
|
||||||
}, {
|
}, {
|
||||||
id: "ID-1",
|
id: "ID-1",
|
||||||
|
|
||||||
|
|
|
@ -200,10 +200,6 @@ func (s *UserMgmtServer) getCreds(r *http.Request) (api.Creds, error) {
|
||||||
return api.Creds{}, err
|
return api.Creds{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if usr.Disabled {
|
|
||||||
return api.Creds{}, api.ErrorUnauthorized
|
|
||||||
}
|
|
||||||
|
|
||||||
isAdmin, err := s.cir.IsDexAdmin(clientID)
|
isAdmin, err := s.cir.IsDexAdmin(clientID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Errorf("userMgmtServer: GetCreds err: %q", err)
|
log.Errorf("userMgmtServer: GetCreds err: %q", err)
|
||||||
|
|
|
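Review bot: Removing the `usr.Disabled` guard from getCreds means a disabled user's token is no longer rejected where credentials are resolved, so the rejection now depends on every consumer of the returned creds calling Authorize. Only UsersAPI.Authorize is visible in this commit, so it cannot be confirmed from here that every handler path goes through it. If the move is intentional, record the contract where the guard used to be, for example `// Disabled users are not rejected here; callers must pass the returned Creds through UsersAPI.Authorize.` Keeping the early return as a second check would also be cheap. getCreds starts and ends outside this hunk.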
@ -197,7 +197,7 @@ func (u *UsersAPI) ListUsers(creds Creds, maxResults int, nextPageToken string)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (u *UsersAPI) Authorize(creds Creds) bool {
|
func (u *UsersAPI) Authorize(creds Creds) bool {
|
||||||
return creds.User.Admin
|
return creds.User.Admin && !creds.User.Disabled
|
||||||
}
|
}
|
||||||
|
|
||||||
func userToSchemaUser(usr user.User) schema.User {
|
func userToSchemaUser(usr user.User) schema.User {
|
||||||
|
|
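Review bot: The new `!creds.User.Disabled` term in Authorize fails open if the field is never populated, because a Creds value built without it leaves Disabled at its zero value, false, and an admin is then treated as enabled. The check is only as good as the code that fills creds.User from the stored user record, which is not shown in this section. Authorize is exported and has no doc comment, so I would state the rule on it: `// Authorize reports whether creds belong to an admin user that is not disabled; Disabled must be copied from the stored user record.` The test change in this commit exercises a disabled user only through TestGetUser, so a case per endpoint that relies on Authorize would pin the behaviour.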