Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Registering users in Git Proxy Application.Seeking correct process ? #868

Open
hemantsharma90 opened this issue Jan 15, 2025 · 2 comments
Open

Registering users in Git Proxy Application.Seeking correct process ? #868

hemantsharma90 opened this issue Jan 15, 2025 · 2 comments

Comments

@hemantsharma90
Copy link

Discussed in #856

Originally posted by hemantsharma90 December 23, 2024

Hello Team,
We wanted to understand the user management aspects(CRUD Operations of Users) in the Git-Proxy Application
viz.
Registering/Managing Admin Role Users,
Registering /Managing Contributor Role Users,
Registering /Managing Reviewer Role Users.

Didn’t found any documented process to do User Registration(maintaining passwords etc) in the gitproxy documentation.

https://git-proxy.finos.org/docs/.

From the source code of the application , got a fair bit of understanding that we could actually add users by updating [filename: './.data/db/users.db'] , though we reckon there is a much cleaner approach to do the same (which I might be missing while deciphering the source code 😊 ).P.S - I'm not an expert in NodeJS constructs.

Though we can add an approved github/gitlab repository from the ADMIN UI of Git Proxy, and actually can associate registered users as Reviewers/ Contributors for the respective repositories.

#57

However to register a user in the first place is something we want to understand.

Regards,
Hemant Sharma
@hemantsharma90
Copy link
Author

hemantsharma90 commented Jan 15, 2025
edited
Loading

This was completed as per the Issue - #41

However currently in the Admin Console , not able to view the 'Create User Tab'

@grovesy @JamieSlome

@grovesy
Copy link
Member

grovesy commented Feb 19, 2025
edited
Loading

Hi @hemantsharma90

So just refreshed my memory - In a typical setup with Mongo for db and LDAP for auth, when the user first logs in the following happens.

  • Check the users account is in 'users' LDAP group - f
  • If the users account is in the LDAP group, an upsert operation is performed against the DB (so if they exist their record is updated in the DB, if they do not exist a new record is created)
  • The isAdmin flag comes from an LDAP check to see if the user is in the admin LDAP group

https://github.com/finos/git-proxy/blob/main/src/service/passport/activeDirectory.js

        // Now check if the user is an admin
        const isAdmin = await ldaphelper.isUserInAdGroup(profile.username, domain, adminGroup);

        profile.admin = isAdmin;
        console.log(`passport.activeDirectory: ${profile.username} admin=${isAdmin}`);

        const user = {
          username: profile.username,
          admin: isAdmin,
          email: profile._json.mail,
          displayName: profile.displayName,
          title: profile._json.title,
        };

        await db.updateUser(user);

The 'local' authentication with the database file is intended for development / local running only - I believe there was a little helper function somewhere to insert users into the local db.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@grovesy @hemantsharma90