MCPcopy Index your code
hub / github.com/coder/coder / ParseGroupClaims

Method ParseGroupClaims

coderd/idpsync/group.go:74–118  ·  view source on GitHub ↗
(_ context.Context, mergedClaims jwt.MapClaims)

Source from the content-addressed store, hash-verified

72}
73
74func (s AGPLIDPSync) ParseGroupClaims(_ context.Context, mergedClaims jwt.MapClaims) (GroupParams, *HTTPError) {
75 if s.GroupField != "" && len(s.GroupAllowList) > 0 {
76 groupsRaw, ok := mergedClaims[s.GroupField]
77 if !ok {
78 return GroupParams{}, &HTTPError{
79 Code: http.StatusForbidden,
80 Msg: "Not a member of an allowed group",
81 Detail: "You have no groups in your claims!",
82 RenderStaticPage: true,
83 }
84 }
85 parsedGroups, err := ParseStringSliceClaim(groupsRaw)
86 if err != nil {
87 return GroupParams{}, &HTTPError{
88 Code: http.StatusBadRequest,
89 Msg: "Failed read groups from claims for allow list check. Ask an administrator for help.",
90 Detail: err.Error(),
91 RenderStaticPage: true,
92 }
93 }
94
95 inAllowList := false
96 AllowListCheckLoop:
97 for _, group := range parsedGroups {
98 if _, ok := s.GroupAllowList[group]; ok {
99 inAllowList = true
100 break AllowListCheckLoop
101 }
102 }
103
104 if !inAllowList {
105 return GroupParams{}, &HTTPError{
106 Code: http.StatusForbidden,
107 Msg: "Not a member of an allowed group",
108 Detail: "Ask an administrator to add one of your groups to the allow list.",
109 RenderStaticPage: true,
110 }
111 }
112 }
113
114 return GroupParams{
115 SyncEntitled: s.GroupSyncEntitled(),
116 MergedClaims: mergedClaims,
117 }, nil
118}
119
120func (s AGPLIDPSync) SyncGroups(ctx context.Context, db database.Store, user database.User, params GroupParams) error {
121 // Nothing happens if sync is not enabled

Callers

nothing calls this directly

Calls 3

GroupSyncEntitledMethod · 0.95
ParseStringSliceClaimFunction · 0.85
ErrorMethod · 0.45

Tested by

no test coverage detected