Add auto_create_users option #8222

Draft: wants to merge 1 commit into base: master

@initstring commented Sep 1, 2024

Proposed changes

  • Implement AUTO_CREATE_USERS option for Google, GitHub, and Facebook auth

Related issues

(N/A)

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant use cases (coverage and e2e)
  • I added/updated the relevant documentation (either on GitHub or on Notion)
  • Where necessary I refactored code to improve the overall quality

Further comments

Hello! This is currently an untested draft pull request, as I'm still exploring and understanding the codebase.

This PR adds a configurable option to control the auto-creation of users from providers (Google, GitHub, Facebook). It sets this option to "true" by default, which will retain backwards compatibility with the existing behavior.

I see in the code and documentation that "providers are trusted" and users are automatically created. This means that if you enable Google Authentication, anyone with a Google account can log in. There is an option to restrict to specific email domains, which is great, but more granularity would be nice.

For example, I may want to use Google Authentication but only authorize users I've explicitly added to the platform. Google is the strategy I am personally testing, but this would probably apply to GitHub and Facebook auth as well.

With this new option, setting PROVIDERS__GOOGLE__CONFIG__AUTO_CREATE_USERS to false would mean that users could log in with Google Auth, but only if that user has an account already created on the server. This would allow an admin to have strict control over who logs in, even from their own Google domain.

A further iteration would be to allow only auto user creation from specific existing Google groups. I may look at that in the future.

Thank you for this great open source product.
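
The login decision described in the comment above, as an added example that is not code from this pull request or from OpenCTI. The function names, the option shape and the sample accounts are assumptions, as is applying the domain allow-list before the account lookup.

```javascript
// Added illustration; every name here is hypothetical, not OpenCTI's code.

// A value read straight from the environment is a string, and the string
// "false" is truthy in JavaScript, so the flag is parsed explicitly. Unset
// keeps the default (true) described in the PR; anything else is rejected.
function parseAutoCreateUsers(raw) {
  if (raw === undefined || raw === null) return true;
  if (typeof raw === 'boolean') return raw;
  const v = String(raw).trim().toLowerCase();
  if (v === 'true') return true;
  if (v === 'false') return false;
  throw new Error(`invalid auto_create_users value: ${raw}`);
}

// Decide what to do with an identity the provider has already authenticated.
// existingEmails: Set of lower-cased emails of accounts already on the platform.
// allowedDomains: optional domain allow-list (empty means no restriction).
function resolveProviderLogin(email, { existingEmails, allowedDomains = [], autoCreateUsers }) {
  const normalized = String(email).trim().toLowerCase();
  const at = normalized.lastIndexOf('@');
  if (at < 1 || at === normalized.length - 1) {
    return { action: 'deny', reason: 'invalid_email' };
  }
  const domain = normalized.slice(at + 1);
  if (allowedDomains.length > 0 && !allowedDomains.includes(domain)) {
    return { action: 'deny', reason: 'domain_not_allowed' };
  }
  if (existingEmails.has(normalized)) {
    return { action: 'login', email: normalized };
  }
  if (parseAutoCreateUsers(autoCreateUsers)) {
    return { action: 'create', email: normalized };
  }
  // Valid provider identity, but no admin has provisioned this account.
  return { action: 'deny', reason: 'user_not_provisioned' };
}

// Constructed sample data.
const existingEmails = new Set(['analyst@example.com']);
const strict = { existingEmails, allowedDomains: ['example.com'], autoCreateUsers: 'false' };
console.log(resolveProviderLogin('Analyst@Example.com', strict));
console.log(resolveProviderLogin('intern@example.com', strict));
console.log(resolveProviderLogin('intern@example.com', { ...strict, autoCreateUsers: undefined }));
```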


codecov bot commented Sep 1, 2024

Codecov Report

Attention: Patch coverage is 0% with 12 lines in your changes missing coverage. Please review.

Project coverage is 66.13%. Comparing base (fc45e43) to head (5b8e3b1).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...i-platform/opencti-graphql/src/config/providers.js | 0.00% | 6 Missing ⚠️ |
| ...pencti-platform/opencti-graphql/src/domain/user.js | 0.00% | 6 Missing ⚠️ |

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #8222      +/-   ##
==========================================
- Coverage   66.15%   66.13%   -0.02%     
==========================================
  Files         597      597              
  Lines       59899    59906       +7     
  Branches     6142     6140       -2     
==========================================
- Hits        39625    39620       -5     
- Misses      20274    20286      +12     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.
