admin: Can use GRPC to manage password
This commit is contained in:
parent
77cdfdb355
commit
e23377329a
|
|
@ -35,7 +35,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
|
|||
c.JSON(http.StatusOK, gin.H{"password": passwd})
|
||||
})
|
||||
router.GET("/dex.yaml", func(c *gin.Context) {
|
||||
cfg, err := genDexConfig()
|
||||
_, staticpassword := c.Request.URL.Query()["staticpassword"]
|
||||
cfg, err := genDexConfig(staticpassword)
|
||||
if err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
|
|
@ -44,7 +45,8 @@ func declarePasswordRoutes(router *gin.RouterGroup) {
|
|||
c.String(http.StatusOK, string(cfg))
|
||||
})
|
||||
router.POST("/dex.yaml", func(c *gin.Context) {
|
||||
if dexcfg, err := genDexConfig(); err != nil {
|
||||
_, staticpassword := c.Request.URL.Query()["staticpassword"]
|
||||
if dexcfg, err := genDexConfig(staticpassword); err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
} else if err := ioutil.WriteFile(path.Join(pki.PKIDir, "shared", "dex-config.yaml"), []byte(dexcfg), 0644); err != nil {
|
||||
|
|
@ -135,6 +137,10 @@ storage:
|
|||
file: /var/dex/dex.db
|
||||
web:
|
||||
http: 0.0.0.0:5556
|
||||
{{ if .GRPC }}
|
||||
grpc:
|
||||
addr: 127.0.0.1:5557
|
||||
{{ end }}
|
||||
frontend:
|
||||
issuer: Challenge forensic
|
||||
logoURL: {{ .LogoPath }}
|
||||
|
|
@ -210,16 +216,23 @@ type dexConfig struct {
|
|||
Clients []dexConfigClient
|
||||
Teams []*fic.Team
|
||||
LogoPath string
|
||||
GRPC bool
|
||||
}
|
||||
|
||||
func genDexConfig() ([]byte, error) {
|
||||
func genDexConfig(withTeams bool) ([]byte, error) {
|
||||
if OidcSecret == "" {
|
||||
return nil, fmt.Errorf("Unable to generate dex configuration: OIDC Secret not defined. Please define FICOIDC_SECRET in your environment.")
|
||||
}
|
||||
|
||||
teams, err := fic.GetTeams()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
var teams []*fic.Team
|
||||
var err error
|
||||
|
||||
// Should teams be included as static passwords, instead of being managed by GRPC
|
||||
if withTeams {
|
||||
teams, err = fic.GetTeams()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
b := bytes.NewBufferString("")
|
||||
|
|
@ -258,12 +271,20 @@ func genDexConfig() ([]byte, error) {
|
|||
},
|
||||
Teams: teams,
|
||||
LogoPath: logoPath,
|
||||
GRPC: !withTeams,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("An error occurs during template execution: %w", err)
|
||||
}
|
||||
|
||||
// Also generate team associations
|
||||
if !withTeams {
|
||||
teams, err = fic.GetTeams()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
for _, team := range teams {
|
||||
if _, err := os.Stat(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err == nil {
|
||||
if err = os.Remove(path.Join(TeamsDir, fmt.Sprintf("team%02d", team.Id))); err != nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue