Merge pull request #3534 from gravitl/fix/auth

Fix/auth

Author: abhishek9686

pro/auth/error.go

@@ -93,7 +93,7 @@ var htmlBaseTemplate = `<!DOCTYPE html>
 </html>`
 
 var oauthNotConfigured = fmt.Sprintf(htmlBaseTemplate, `<h2>Your Netmaker server does not have OAuth configured.</h2>
-<p>Please visit the docs <a href="https://docs.netmaker.io/docs/server-installation/integrating-oauth" target="_blank" rel="noopener">here</a> to learn how to.</p>`)
+<p>Please visit the docs <a href="https://docs.netmaker.io/docs/server-installation/identity-provider-integration-guide" target="_blank" rel="noopener">here</a> to learn how to.</p>`)
 
 var oauthStateInvalid = fmt.Sprintf(htmlBaseTemplate, `<h2>Invalid OAuth Session. Please re-try again.</h2>`)
 

pro/auth/sync.go

@@ -122,6 +122,12 @@ func syncUsers(idpUsers []idp.User) error {
 	filters := logic.GetServerSettings().UserFilters
 
 	for _, user := range idpUsers {
+		if user.AccountArchived {
+			// delete the user if it has been archived.
+			_ = logic.DeleteUser(user.Username)
+			continue
+		}
+
 		var found bool
 		for _, filter := range filters {
 			if strings.HasPrefix(user.Username, filter) {
@@ -150,6 +156,13 @@ func syncUsers(idpUsers []idp.User) error {
 			if err != nil {
 				return err
 			}
+
+			// It's possible that a user can attempt to log in to Netmaker
+			// after the IDP is configured but before the users are synced.
+			// Since the user doesn't exist, a pending user will be
+			// created. Now, since the user is created, the pending user
+			// can be deleted.
+			_ = logic.DeletePendingUser(user.Username)
 		} else if dbUser.AuthType == models.OAuth {
 			if dbUser.AccountDisabled != user.AccountDisabled ||
 				dbUser.DisplayName != user.DisplayName ||

pro/idp/google/google.go

@@ -63,14 +63,15 @@ func (g *Client) GetUsers() ([]idp.User, error) {
 	var retval []idp.User
 	err := g.service.Users.List().
 		Customer("my_customer").
-		Fields("users(id,primaryEmail,name,suspended)", "nextPageToken").
+		Fields("users(id,primaryEmail,name,suspended,archived)", "nextPageToken").
 		Pages(context.TODO(), func(users *admindir.Users) error {
 			for _, user := range users.Users {
 				retval = append(retval, idp.User{
 					ID:              user.Id,
 					Username:        user.PrimaryEmail,
 					DisplayName:     user.Name.FullName,
 					AccountDisabled: user.Suspended,
+					AccountArchived: user.Archived,
 				})
 			}
 

pro/idp/idp.go

@@ -10,6 +10,7 @@ type User struct {
 	Username        string
 	DisplayName     string
 	AccountDisabled bool
+	AccountArchived bool
 }
 
 type Group struct {