From ba976640c7dd670a203ff65bb0d8e5d45ce107fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5vard=20Elnan?= Date: Fri, 12 Apr 2024 13:06:07 +0200 Subject: [PATCH 1/2] fix wrong ordering in ad provider --- pkg/auth/userauth/activedirectory/ad.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/auth/userauth/activedirectory/ad.go b/pkg/auth/userauth/activedirectory/ad.go index 6ec5cf78..7419f971 100644 --- a/pkg/auth/userauth/activedirectory/ad.go +++ b/pkg/auth/userauth/activedirectory/ad.go @@ -205,7 +205,7 @@ func splitUserId(userId string) (string, string, error) { if len(parts) != 2 { return "", "", fmt.Errorf("invalid userId: %s", userId) } - return parts[1], parts[0], nil + return parts[0], parts[1], nil } func checkUserAccountControl(userAccountControl string) error { From c88b05440a7e975b039909d093d0520071a271ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5vard=20Elnan?= Date: Fri, 12 Apr 2024 13:21:10 +0200 Subject: [PATCH 2/2] add domain to entraId groups --- pkg/auth/userauth/msgraph/msgraph.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/pkg/auth/userauth/msgraph/msgraph.go b/pkg/auth/userauth/msgraph/msgraph.go index b4311b5b..4d2fb949 100644 --- a/pkg/auth/userauth/msgraph/msgraph.go +++ b/pkg/auth/userauth/msgraph/msgraph.go @@ -4,6 +4,8 @@ package msgraph import ( "context" + "fmt" + "strings" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" "github.com/NorskHelsenett/ror/pkg/helpers/kvcachehelper" @@ -90,6 +92,8 @@ func (g *MsGraphClient) GetUser(userId string) (*identitymodels.User, error) { } } + addDomainpartToGroups(&groupnames, userId) + ret = &identitymodels.User{ Email: *user.GetUserPrincipalName(), Name: *user.GetDisplayName(), 
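Review bot: The `len(parts) != 2` guard above the corrected return in `splitUserId` (ad.go) still accepts an empty local part or an empty domain, so `@example.com` and `user@` pass and hand an empty string to the caller. For an authentication provider I would reject those as well, `if len(parts) != 2 || parts[0] == "" || parts[1] == "" {`, and format the error with `%q` instead of `%s`, since userId presumably comes from a login request and may reach the logs. The function starts outside this hunk, so the `strings.Split` call is only visible in the copy the second patch adds at the end of msgraph.go; the same guard applies there. A shared helper with a small table-driven test pinning the (user, domain) order would stop the two copies drifting apart and catch a repeat of the swap.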
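Review bot: In the `GetUser` hunk of msgraph.go the domain appended to the group names is taken from the `userId` argument, while `Email` two lines below is filled from `user.GetUserPrincipalName()` as returned by Graph. If a caller passes an object id or an alias that differs from the principal name, the groups get a different suffix than the user's own identity, or an empty one, and these names presumably feed access decisions further on. Deriving the suffix from the directory's answer, `addDomainpartToGroups(&groupnames, *user.GetUserPrincipalName())`, would tie both fields to the same source. `GetUser` starts and ends outside this hunk, so where `userId` originates cannot be confirmed from here.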
@@ -100,6 +104,19 @@ func (g *MsGraphClient) GetUser(userId string) (*identitymodels.User, error) { return ret, nil } +func addDomainpartToGroups(groupnames *[]string, userId string) { + + _, domain, err := splitUserId(userId) + if err != nil { + domain = "" + } + + // TODO: Add check if domainpart is allready part of the group name + for i, group := range *groupnames { + (*groupnames)[i] = group + "@" + domain + } +} + // getUser gets a user from the graph api func (g *MsGraphClient) getUser(userId string, userChan chan<- models.Userable, errorChan chan<- error) { user, err := g.Client.Users().ByUserId(userId).Get(context.Background(), nil) @@ -143,6 +160,7 @@ func (g *MsGraphClient) getGroupDisplayNames(groups []string, groupCache CacheIn } } + return groupNames, nil } @@ -163,3 +181,11 @@ func (g *MsGraphClient) getGroupDisplayName(groupId string, groupsNameChan chan< groupCache.Add(groupId, *group.GetDisplayName()) groupsNameChan <- *group.GetDisplayName() } + +func splitUserId(userId string) (string, string, error) { + parts := strings.Split(userId, "@") + if len(parts) != 2 { + return "", "", fmt.Errorf("invalid userId: %s", userId) + } + return parts[0], parts[1], nil +}
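Review bot: In `addDomainpartToGroups` a failed `splitUserId` is swallowed and `domain` is set to `""`, so every group comes back as `name@` with an empty domain instead of the lookup failing. If these names are later matched against access rules (not visible here), a malformed userId silently yields a different set of group identities rather than an error. I would return the error and let `GetUser` fail, calling it as `if err := addDomainpartToGroups(groupnames, userId); err != nil { return nil, err }`; a plain `[]string` is enough because the elements are updated in place. When the TODO is picked up, note that skipping the suffix for names that already carry the domain would make a group literally named `x@domain` equal to group `x`.

```go
func addDomainpartToGroups(groupnames []string, userId string) error {
	_, domain, err := splitUserId(userId)
	if err != nil {
		return fmt.Errorf("adding domain to groups: %w", err)
	}
	// … unchanged: TODO about names that already carry the domain …
	for i, group := range groupnames {
		groupnames[i] = group + "@" + domain
	}
	return nil
}
```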