From bae86dbeb0ad68a205454e98e76985dc393183d4 Mon Sep 17 00:00:00 2001 From: Ieva Date: Tue, 6 Jun 2023 17:45:31 +0100 Subject: [PATCH] Auth: Remove Email Lookup from oauth integrations 9.2 (#898) backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x --- pkg/api/login_oauth.go | 17 +++++++++-------- pkg/setting/setting.go | 5 ++++- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go index 22014aee433c2..af00c56a68ccd 100644 --- a/pkg/api/login_oauth.go +++ b/pkg/api/login_oauth.go @@ -302,16 +302,17 @@ func (hs *HTTPServer) SyncUser( connect social.SocialConnector, ) (*user.User, error) { oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile") + lookupParams := models.UserLookupParams{} + if hs.Cfg.OAuthAllowInsecureEmailLookup { + lookupParams.Email = &extUser.Email + } + // add/update user in Grafana cmd := &models.UpsertUserCommand{ - ReqContext: ctx, - ExternalUser: extUser, - SignupAllowed: connect.IsSignupAllowed(), - UserLookupParams: models.UserLookupParams{ - Email: &extUser.Email, - UserID: nil, - Login: nil, - }, + ReqContext: ctx, + ExternalUser: extUser, + SignupAllowed: connect.IsSignupAllowed(), + UserLookupParams: lookupParams, } if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil { diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go index 20e8f78a2f55c..03aa5c17d8682 100644 --- a/pkg/setting/setting.go +++ b/pkg/setting/setting.go @@ -318,7 +318,8 @@ type Cfg struct { AuthProxySyncTTL int // OAuth - OAuthCookieMaxAge int + OAuthCookieMaxAge int + OAuthAllowInsecureEmailLookup bool // JWT Auth JWTAuthEnabled bool @@ -1305,6 +1306,8 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) { return err } + cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false) + const defaultMaxLifetime = "30d" maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime) cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)