sendnrw/netbird
2
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2026-04-18 08:16:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Revert "add management side of OIDC authentication"

Browse Source 
This reverts commit 02ce918114.
This commit is contained in:
Alisdair MacLeod
2026-02-03 10:03:38 +00:00
parent 02ce918114
commit 76a39c1dcb
5 changed files with 16 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
management/internals/modules/reverseproxy/manager/manager.go
View File

@@ -145,12 +145,7 @@ func (m *managerImpl) CreateReverseProxy(ctx context.Context, accountID, userID
return nil, fmt.Errorf("failed to create setup key for reverse proxy: %w", err)
}
idp, err := m.getIdentityProvider(ctx, accountID, userID, reverseProxy.Auth.BearerAuth)
if err != nil {
return nil, fmt.Errorf("failed to get identity provider: %w", err)
}
m.proxyGRPCServer.SendReverseProxyUpdate(reverseProxy.ToProtoMapping(reverseproxy.Create, key.Key, idp))
m.proxyGRPCServer.SendReverseProxyUpdate(reverseProxy.ToProtoMapping(reverseproxy.Create, key.Key))
return reverseProxy, nil
}
@@ -196,12 +191,7 @@ func (m *managerImpl) UpdateReverseProxy(ctx context.Context, accountID, userID
m.accountManager.StoreEvent(ctx, userID, reverseProxy.ID, accountID, activity.ReverseProxyUpdated, reverseProxy.EventMeta())
idp, err := m.getIdentityProvider(ctx, accountID, userID, reverseProxy.Auth.BearerAuth)
if err != nil {
return nil, fmt.Errorf("failed to get identity provider: %w", err)
}
m.proxyGRPCServer.SendReverseProxyUpdate(reverseProxy.ToProtoMapping(reverseproxy.Update, "", idp))
m.proxyGRPCServer.SendReverseProxyUpdate(reverseProxy.ToProtoMapping(reverseproxy.Update, ""))
return reverseProxy, nil
}
@@ -235,14 +225,7 @@ func (m *managerImpl) DeleteReverseProxy(ctx context.Context, accountID, userID,
m.accountManager.StoreEvent(ctx, userID, reverseProxyID, accountID, activity.ReverseProxyDeleted, reverseProxy.EventMeta())
m.proxyGRPCServer.SendReverseProxyUpdate(reverseProxy.ToProtoMapping(reverseproxy.Delete, "", nil))
m.proxyGRPCServer.SendReverseProxyUpdate(reverseProxy.ToProtoMapping(reverseproxy.Delete, ""))
return nil
}
func (m *managerImpl) getIdentityProvider(ctx context.Context, accountID, userID string, bearerAuth *reverseproxy.BearerAuthConfig) (*types.IdentityProvider, error) {
if bearerAuth == nil || !bearerAuth.Enabled || bearerAuth.IdentityProviderID == "" {
return nil, nil
}
return m.accountManager.GetIdentityProvider(ctx, accountID, bearerAuth.IdentityProviderID, userID)
}

19
management/internals/modules/reverseproxy/reverseproxy.go
View File

@@ -6,11 +6,9 @@ import (
"net/url"
"strconv"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/rs/xid"
log "github.com/sirupsen/logrus"
"github.com/netbirdio/netbird/management/server/types"
"github.com/netbirdio/netbird/shared/management/http/api"
"github.com/netbirdio/netbird/shared/management/proto"
)
@@ -45,7 +43,6 @@ type PINAuthConfig struct {
type BearerAuthConfig struct {
Enabled bool `json:"enabled"`
IdentityProviderID string `json:"identity_provider_id,omitempty"`
DistributionGroups []string `json:"distribution_groups,omitempty" gorm:"serializer:json"`
}
@@ -102,7 +99,6 @@ func (r *ReverseProxy) ToAPIResponse() *api.ReverseProxy {
authConfig.BearerAuth = &api.BearerAuthConfig{
Enabled: r.Auth.BearerAuth.Enabled,
DistributionGroups: &r.Auth.BearerAuth.DistributionGroups,
IdentityProviderId: &r.Auth.BearerAuth.IdentityProviderID,
}
}
@@ -136,7 +132,7 @@ func (r *ReverseProxy) ToAPIResponse() *api.ReverseProxy {
}
}
func (r *ReverseProxy) ToProtoMapping(operation Operation, setupKey string, idp *types.IdentityProvider) *proto.ProxyMapping {
func (r *ReverseProxy) ToProtoMapping(operation Operation, setupKey string) *proto.ProxyMapping {
pathMappings := make([]*proto.PathMapping, 0, len(r.Targets))
for _, target := range r.Targets {
if !target.Enabled {
@@ -173,12 +169,12 @@ func (r *ReverseProxy) ToProtoMapping(operation Operation, setupKey string, idp
auth.Pin = true
}
if r.Auth.BearerAuth != nil && r.Auth.BearerAuth.Enabled && idp != nil {
if r.Auth.BearerAuth != nil && r.Auth.BearerAuth.Enabled {
auth.Oidc = &proto.OIDC{
OidcProviderUrl: idp.Issuer,
OidcClientId: idp.ClientID,
OidcClientSecret: idp.ClientSecret,
OidcScopes: []string{oidc.ScopeOpenID, "profile", "email"},
OidcProviderUrl: "", // TODO:
OidcClientId: "", // TODO:
OidcClientSecret: "", // TODO:
OidcScopes: nil, // TODO:
DistributionGroups: r.Auth.BearerAuth.DistributionGroups,
}
}
@@ -251,9 +247,6 @@ func (r *ReverseProxy) FromAPIRequest(req *api.ReverseProxyRequest, accountID st
bearerAuth := &BearerAuthConfig{
Enabled: req.Auth.BearerAuth.Enabled,
}
if req.Auth.BearerAuth.IdentityProviderId != nil {
bearerAuth.IdentityProviderID = *req.Auth.BearerAuth.IdentityProviderId
}
if req.Auth.BearerAuth.DistributionGroups != nil {
bearerAuth.DistributionGroups = *req.Auth.BearerAuth.DistributionGroups
}