Fix Okta IDP device authorization (#1023)

* hide Okta NetBird attribute fields

* fix: update full user profile
Bethuel Mmbaga 2023-07-21 10:34:49 +03:00 committed by GitHub
parent 9e540cd5b4
commit a4d830ef83
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -270,21 +270,32 @@ func (om *OktaManager) GetAllAccounts() (map[string][]*UserData, error) {
// UpdateUserAppMetadata updates user app metadata based on userID and metadata map. // UpdateUserAppMetadata updates user app metadata based on userID and metadata map.
func (om *OktaManager) UpdateUserAppMetadata(userID string, appMetadata AppMetadata) error { func (om *OktaManager) UpdateUserAppMetadata(userID string, appMetadata AppMetadata) error {
var pendingInvite bool user, resp, err := om.client.User.GetUser(context.Background(), userID)
if appMetadata.WTPendingInvite != nil { if err != nil {
pendingInvite = *appMetadata.WTPendingInvite return err
} }
_, resp, err := om.client.User.UpdateUser(context.Background(), userID, if resp.StatusCode != http.StatusOK {
okta.User{ if om.appMetrics != nil {
Profile: &okta.UserProfile{ om.appMetrics.IDPMetrics().CountRequestStatusError()
wtAccountID: appMetadata.WTAccountID, }
wtPendingInvite: pendingInvite, return fmt.Errorf("unable to update user, statusCode %d", resp.StatusCode)
}, }
},
nil, profile := *user.Profile
)
if appMetadata.WTPendingInvite != nil {
profile[wtPendingInvite] = *appMetadata.WTPendingInvite
}
if appMetadata.WTAccountID != "" {
profile[wtAccountID] = appMetadata.WTAccountID
}
user.Profile = &profile
_, resp, err = om.client.User.UpdateUser(context.Background(), userID, *user, nil)
if err != nil { if err != nil {
fmt.Println(err.Error())
return err return err
} }
@ -311,7 +322,9 @@ func (om *OktaManager) InviteUserByID(_ string) error {
// updateUserProfileSchema updates the Okta user schema to include custom fields, // updateUserProfileSchema updates the Okta user schema to include custom fields,
// wt_account_id and wt_pending_invite. // wt_account_id and wt_pending_invite.
func updateUserProfileSchema(client *okta.Client) error { func updateUserProfileSchema(client *okta.Client) error {
required := true // Ensure Okta doesn't enforce user input for these fields, as they are solely used by Netbird
userPermissions := []*okta.UserSchemaAttributePermission{{Action: "HIDE", Principal: "SELF"}}
_, resp, err := client.UserSchema.UpdateUserProfile( _, resp, err := client.UserSchema.UpdateUserProfile(
context.Background(), context.Background(),
"default", "default",
@ -324,16 +337,18 @@ func updateUserProfileSchema(client *okta.Client) error {
wtAccountID: { wtAccountID: {
MaxLength: 100, MaxLength: 100,
MinLength: 1, MinLength: 1,
Required: &required, Required: new(bool),
Scope: "NONE", Scope: "NONE",
Title: "Wt Account Id", Title: "Wt Account Id",
Type: "string", Type: "string",
Permissions: userPermissions,
}, },
wtPendingInvite: { wtPendingInvite: {
Required: new(bool), Required: new(bool),
Scope: "NONE", Scope: "NONE",
Title: "Wt Pending Invite", Title: "Wt Pending Invite",
Type: "boolean", Type: "boolean",
Permissions: userPermissions,
}, },
}, },
}, },
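Review bot: The status check that follows `GetUser` in UpdateUserAppMetadata reports the wrong operation — a non-200 from the lookup returns `unable to update user, statusCode %d`, which misdirects anyone debugging the IdP integration; change it to `return fmt.Errorf("unable to get user, statusCode %d", resp.StatusCode)`. The copy `profile := *user.Profile` a few lines later dereferences the fetched profile without a nil check, so an unexpected response would panic instead of erroring; guard it with `if user.Profile == nil { return fmt.Errorf("user %q has no profile", userID) }`. Since the whole fetched profile is echoed back to Okta with only the two NetBird keys changed, a one-line comment above the `profile` copy saying so would help future readers; UpdateUserAppMetadata's body continues past the hunk. In updateUserProfileSchema, the `HIDE`/`SELF` permission is what appears to keep end users from viewing or editing `wt_account_id` and `wt_pending_invite` through their self-service profile, and the comment above `userPermissions` could state that intent directly, e.g. `// HIDE/SELF keeps the NetBird attributes out of the user's self-service profile so end users cannot view or edit the account mapping`.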