Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

*: add --enable-automatic-registration flag to worker #463

Merged
merged 1 commit into from
Jun 17, 2016
Merged

*: add --enable-automatic-registration flag to worker #463

merged 1 commit into from
Jun 17, 2016

Conversation

ericchiang
Copy link
Contributor

When specified the "--register-on-first-login" allows users logging in through remote connectors to skip registration. This make a lot of sense for connectors like LDAP, which have their own registration upstream.

Closes #310

This change also renames "server/testutil.go" to "server/testutil_test.go" to ensure it's not used outside of tests.

cc @sym3tri

@ericchiang ericchiang force-pushed the register-on-first-login branch from 39ab5cc to 375da03 Compare June 10, 2016 19:14
@chancez
Copy link
Contributor

chancez commented Jun 13, 2016

I think we probably want to carefully think about how we expose this type of knob. In general, this seems like a per-connector configuration, and maybe it's not even something you can configure per-connector, but each connector should probably say whether or not they require registration.

Thus:

  • We should expand the Connector interface to have a RequiresRegistration() bool method.
    • LDAP would hard code this to false for now, making this not configurable.
    • Local & Google would hard code this to true right now to keep it inline with the current defaults. This could be something we expose as a configurable value in the connectors config in the future
  • the --enable-registration flag may conflict with these values. I think we should deprecate that flag (keeping it around until we fix this whole thing up). It may be best to do validation that doesn't allow us to use this flag with connectors that conflict with it, and we simply only support "correct" configurations. This would mean, if you set --enable-registration=true, you cannot add a connector which has a RequiresRegistration(), so it would only be compatible with Google/Local today. If you have --enable-registration=false, then you could only use LDAP (and maybe local with only the admin user).
  • Avoid anything which picks something implicitly for a connector, because it may not make sense in the context of future connectors, or even current ones, which means I'm strongly against making a new flag which indiscriminately enables this behavior for all connectors (such as in this PR).

bobbyrullo
bobbyrullo reviewed Jun 13, 2016
View reviewed changes
server/server.go
remoteIdentity := user.RemoteIdentity{ConnectorID: ses.ConnectorID, ID: ses.Identity.ID}

// Get the connector used to log the user in.
var conn connector.Connector
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Breaking this out into its own method, eg .(s *Server) GetConnectorByID(id string) will make this long method a bit easier to read.

@sym3tri
Copy link

sym3tri commented Jun 16, 2016

LGTM after the remaining comments are addressed

@ericchiang ericchiang force-pushed the register-on-first-login branch 2 times, most recently from ea472ed to 09a6857 Compare June 17, 2016 00:32
@ericchiang ericchiang changed the title *: add --register-on-first-login flag to worker *: add --enable-automatic-registration flag to worker Jun 17, 2016
@ericchiang
Copy link
Contributor Author

@sym3tri renamed to "enable-automatic-registration" to match "enable-registration" to show similarity and made them exclusive.

@sym3tri
Copy link

sym3tri commented Jun 17, 2016

Thanks. LGTM ship it

sym3tri
sym3tri reviewed Jun 17, 2016
View reviewed changes
cmd/dex-worker/main.go
@@ -90,6 +92,11 @@ func main() {
os.Exit(0)
}

if (*enableRegistration) && (*registerOnFirstLogin) {
fmt.Fprintln(os.Stderr, "The flags --enable-registration and --register-on-first-login cannot both be true.")
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo here register-on-first-login is the old name.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

@sym3tri
Copy link

sym3tri commented Jun 17, 2016

scratch that LGTM. found a typo

@ericchiang
*: add --enable-automatic-registration flag to worker
35cab93 
For remote connectors, allow users to skip registration.
@ericchiang ericchiang force-pushed the register-on-first-login branch from 09a6857 to 35cab93 Compare June 17, 2016 23:30
@ericchiang ericchiang merged commit e92b6a5 into dexidp:master Jun 17, 2016
@ericchiang ericchiang deleted the register-on-first-login branch June 28, 2016 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ericchiang @chancez @sym3tri @bobbyrullo