Skip to content
This repository has been archived by the owner on Jan 24, 2019. It is now read-only.

Using groups.list with a userkey parameter to determine group membership instead of members.list (#469) #500

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Using groups.list with a userkey parameter to determine group membership instead of members.list (#469) #500

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
33d0a7a
Using members.get to determine group membership instead of members.list
andrewrosezen Nov 14, 2017
bdcdab5
switched from members.get to groups.list with a userKey parameter to …
andrewrosezen Nov 15, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
67 changes: 15 additions & 52 deletions providers/google.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ import (
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"google.golang.org/api/admin/directory/v1"
"google.golang.org/api/googleapi"
)

type GoogleProvider struct {
Expand Down Expand Up @@ -187,67 +186,31 @@ func getAdminService(adminEmail string, credentialsReader io.Reader) *admin.Serv
}

func userInGroup(service *admin.Service, groups []string, email string) bool {
user, err := fetchUser(service, email)
if err != nil {
log.Printf("error fetching user: %v", err)
return false
}
id := user.Id
custID := user.CustomerId

for _, group := range groups {
members, err := fetchGroupMembers(service, group)
if err != nil {
if err, ok := err.(*googleapi.Error); ok && err.Code == 404 {
log.Printf("error fetching members for group %s: group does not exist", group)
} else {
log.Printf("error fetching group members: %v", err)
return false
}
}

for _, member := range members {
switch member.Type {
case "CUSTOMER":
if member.Id == custID {
return true
}
case "USER":
if member.Id == id {
return true
}
}
}
}
return false
}

func fetchUser(service *admin.Service, email string) (*admin.User, error) {
user, err := service.Users.Get(email).Do()
return user, err
}

func fetchGroupMembers(service *admin.Service, group string) ([]*admin.Member, error) {
members := []*admin.Member{}
pageToken := ""
for {
req := service.Members.List(group)
req := service.Groups.List().UserKey(email)
if pageToken != "" {
req.PageToken(pageToken)
}
r, err := req.Do()
resp, err := req.Do()
if err != nil {
return nil, err
log.Printf("Error calling service.Groups.List().userKey(%s)", email)
return false
}
for _, member := range r.Members {
members = append(members, member)
for _, group := range resp.Groups {
for _, allowedgroup := range groups {
if group.Email == allowedgroup {
log.Printf("%s is a member of %s, authorized", email, allowedgroup)
return true
}
}
}
if r.NextPageToken == "" {
break
if resp.NextPageToken == "" {
log.Printf("%s not found in any allowed groups", email)
return false
}
pageToken = r.NextPageToken
pageToken = resp.NextPageToken
}
return members, nil
}

// ValidateGroup validates that the provided email exists in the configured Google
Expand Down