diff options
| author | Florent Revest <revest@chromium.org> | 2024-10-02 18:41:41 +0200 |
|---|---|---|
| committer | Taras Madan <tarasmadan@google.com> | 2024-10-10 07:36:20 +0000 |
| commit | e4fe0c5d501fb566bb595373babfe41bc67926c8 (patch) | |
| tree | e199049de8e75718575776465299acf6e5272e3a | |
| parent | 0278d00484bfe8f49aa9a7ae5ef4c3bc5cc40cd4 (diff) | |
dashboard: allow multiple allowed authentication domains
In some situations, it could be useful to share access to the dashboard
to multiple authentication domains. The current GlobalConfig format
doesn't really allow it so this deprecates the existing field and add a
new slice of allowed authentication domains.
| -rw-r--r-- | dashboard/app/access.go | 12 | ||||
| -rw-r--r-- | dashboard/app/app_test.go | 2 | ||||
| -rw-r--r-- | dashboard/app/config.go | 4 | ||||
| -rw-r--r-- | docs/setup_syzbot.md | 2 |
4 files changed, 15 insertions, 5 deletions
diff --git a/dashboard/app/access.go b/dashboard/app/access.go index dadaed7f0..0e746aa20 100644 --- a/dashboard/app/access.go +++ b/dashboard/app/access.go @@ -49,6 +49,16 @@ func checkAccessLevel(c context.Context, r *http.Request, level AccessLevel) err // AuthDomain is broken in AppEngine tests. var isBrokenAuthDomainInTest = false +func emailInAuthDomains(email string, authDomains []string) bool { + for _, authDomain := range authDomains { + if strings.HasSuffix(email, authDomain) { + return true + } + } + + return false +} + func accessLevel(c context.Context, r *http.Request) AccessLevel { if user.IsAdmin(c) { switch r.FormValue("access") { @@ -63,7 +73,7 @@ func accessLevel(c context.Context, r *http.Request) AccessLevel { if u == nil || // Devappserver does not pass AuthDomain. u.AuthDomain != "gmail.com" && !isBrokenAuthDomainInTest || - !strings.HasSuffix(u.Email, getConfig(c).AuthDomain) { + !emailInAuthDomains(u.Email, getConfig(c).AuthDomains) { return AccessPublic } return AccessUser diff --git a/dashboard/app/app_test.go b/dashboard/app/app_test.go index 8a82d78d0..97ede2e5a 100644 --- a/dashboard/app/app_test.go +++ b/dashboard/app/app_test.go @@ -42,7 +42,7 @@ func init() { // Config used in tests. var testConfig = &GlobalConfig{ AccessLevel: AccessPublic, - AuthDomain: "@syzkaller.com", + AuthDomains: []string{"@syzkaller.com"}, Clients: map[string]string{ "reporting": "reportingkeyreportingkeyreportingkey", }, diff --git a/dashboard/app/config.go b/dashboard/app/config.go index 946020572..7398b0114 100644 --- a/dashboard/app/config.go +++ b/dashboard/app/config.go @@ -26,8 +26,8 @@ import ( type GlobalConfig struct { // Min access levels specified hierarchically throughout the config. AccessLevel AccessLevel - // Email suffix of authorized users (e.g. "@foobar.com"). - AuthDomain string + // Email suffixes of authorized users (e.g. []string{"@foo.com","@bar.org"}). + AuthDomains []string // Google Analytics Tracking ID. AnalyticsTrackingID string // URL prefix of source coverage reports. diff --git a/docs/setup_syzbot.md b/docs/setup_syzbot.md index b6c05b00b..289ea0e22 100644 --- a/docs/setup_syzbot.md +++ b/docs/setup_syzbot.md @@ -247,7 +247,7 @@ func init() { } var prodConfig = &GlobalConfig{ AccessLevel: AccessPublic, - AuthDomain: "@google.com", + AuthDomains: []string{"@google.com"}, CoverPath: "https://storage.googleapis.com/syzkaller/cover/", Clients: map[string]string{ "$CI_HOSTNAME": "$CI_KEY", |