From e4fe0c5d501fb566bb595373babfe41bc67926c8 Mon Sep 17 00:00:00 2001 From: Florent Revest Date: Wed, 2 Oct 2024 18:41:41 +0200 Subject: dashboard: allow multiple allowed authentication domains In some situations, it could be useful to share access to the dashboard to multiple authentication domains. The current GlobalConfig format doesn't really allow it so this deprecates the existing field and add a new slice of allowed authentication domains. --- dashboard/app/access.go | 12 +++++++++++- dashboard/app/app_test.go | 2 +- dashboard/app/config.go | 4 ++-- docs/setup_syzbot.md | 2 +- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/dashboard/app/access.go b/dashboard/app/access.go index dadaed7f0..0e746aa20 100644 --- a/dashboard/app/access.go +++ b/dashboard/app/access.go @@ -49,6 +49,16 @@ func checkAccessLevel(c context.Context, r *http.Request, level AccessLevel) err // AuthDomain is broken in AppEngine tests. var isBrokenAuthDomainInTest = false +func emailInAuthDomains(email string, authDomains []string) bool { + for _, authDomain := range authDomains { + if strings.HasSuffix(email, authDomain) { + return true + } + } + + return false +} + func accessLevel(c context.Context, r *http.Request) AccessLevel { if user.IsAdmin(c) { switch r.FormValue("access") { @@ -63,7 +73,7 @@ func accessLevel(c context.Context, r *http.Request) AccessLevel { if u == nil || // Devappserver does not pass AuthDomain. u.AuthDomain != "gmail.com" && !isBrokenAuthDomainInTest || - !strings.HasSuffix(u.Email, getConfig(c).AuthDomain) { + !emailInAuthDomains(u.Email, getConfig(c).AuthDomains) { return AccessPublic } return AccessUser diff --git a/dashboard/app/app_test.go b/dashboard/app/app_test.go index 8a82d78d0..97ede2e5a 100644 --- a/dashboard/app/app_test.go +++ b/dashboard/app/app_test.go @@ -42,7 +42,7 @@ func init() { // Config used in tests. var testConfig = &GlobalConfig{ AccessLevel: AccessPublic, - AuthDomain: "@syzkaller.com", + AuthDomains: []string{"@syzkaller.com"}, Clients: map[string]string{ "reporting": "reportingkeyreportingkeyreportingkey", }, diff --git a/dashboard/app/config.go b/dashboard/app/config.go index 946020572..7398b0114 100644 --- a/dashboard/app/config.go +++ b/dashboard/app/config.go @@ -26,8 +26,8 @@ import ( type GlobalConfig struct { // Min access levels specified hierarchically throughout the config. AccessLevel AccessLevel - // Email suffix of authorized users (e.g. "@foobar.com"). - AuthDomain string + // Email suffixes of authorized users (e.g. []string{"@foo.com","@bar.org"}). + AuthDomains []string // Google Analytics Tracking ID. AnalyticsTrackingID string // URL prefix of source coverage reports. diff --git a/docs/setup_syzbot.md b/docs/setup_syzbot.md index b6c05b00b..289ea0e22 100644 --- a/docs/setup_syzbot.md +++ b/docs/setup_syzbot.md @@ -247,7 +247,7 @@ func init() { } var prodConfig = &GlobalConfig{ AccessLevel: AccessPublic, - AuthDomain: "@google.com", + AuthDomains: []string{"@google.com"}, CoverPath: "https://storage.googleapis.com/syzkaller/cover/", Clients: map[string]string{ "$CI_HOSTNAME": "$CI_KEY", -- cgit mrf-deployment