From c093423307c9a24e89bb55088043e694fe31dbd8 Mon Sep 17 00:00:00 2001
From: Ole Christian Tvedt
Date: Wed, 13 Aug 2025 08:53:19 +0200
Subject: [PATCH] feat: set groups based on Azure groups (#7736)

Co-authored-by: Ole Christian Tvedt
---
 .../modules/authentication/azure/authentication.js | 13 +++++++++++++
 server/modules/authentication/azure/definition.yml | 6 ++++++
 2 files changed, 19 insertions(+)

diff --git a/server/modules/authentication/azure/authentication.js b/server/modules/authentication/azure/authentication.js
index a983d148..ec2164a3 100644
--- a/server/modules/authentication/azure/authentication.js
+++ b/server/modules/authentication/azure/authentication.js
@@ -48,6 +48,19 @@ module.exports = {
 picture: ''
 }
 })
+ if (conf.mapGroups) {
+ const groups = _.get(profile, '_json.groups')
+ if (groups && _.isArray(groups)) {
+ const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)
+ const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)
+ for (const groupId of _.difference(expectedGroups, currentGroups)) {
+ await user.$relatedQuery('groups').relate(groupId)
+ }
+ for (const groupId of _.difference(currentGroups, expectedGroups)) {
+ await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
+ }
+ }
+ }
 cb(null, user)
 } catch (err) {
 cb(err, null)
diff --git a/server/modules/authentication/azure/definition.yml b/server/modules/authentication/azure/definition.yml
index ad7d41eb..5c22d727 100644
--- a/server/modules/authentication/azure/definition.yml
+++ b/server/modules/authentication/azure/definition.yml
@@ -27,3 +27,9 @@ props:
 title: Cookie Encryption Key String
 hint: Random string with 44-character length. Setting this enables workaround for Chrome's SameSite cookies.
 order: 3
+ mapGroups:
+ type: Boolean
+ title: Map Groups
+ hint: Map groups matching names from the groups claim value
+ default: false
+ order: 4
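Review bot: The `expectedGroups` filter matches every entry in `WIKI.auth.groups` by `g.name`, so a claim value that equals the name of a privileged or built-in wiki group grants that group on login, and the second loop then removes every membership the claim does not list, including ones an administrator assigned locally. Entra ID puts object IDs in the `groups` claim unless the app registration is configured otherwise, and group display names are neither unique nor immutable, so name equality is a weak key for an authorization decision. Consider limiting both loops to an explicit, admin-configured set of mappable groups, e.g. `.filter(g => mappable.has(g.id) && groups.includes(g.name))` and `_.difference(currentGroups, expectedGroups).filter(id => mappable.has(id))`, where `mappable` is a placeholder for a set built from a new module setting. The claim is also omitted when a user belongs to more groups than the token can carry, in which case this block is skipped and earlier memberships stay in place, so that case deserves at least a log line. The enclosing `try` starts outside the hunk.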
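Review bot: The `hint` for `mapGroups` does not tell the administrator that enabling it also removes the user from every wiki group missing from the claim, which is what the second loop in authentication.js does on each login. It also leaves out that the claim has to carry group names, while Azure emits object IDs by default. Suggested wording: `hint: On every login, add the user to wiki groups whose names appear in the groups claim and remove the user from all other groups. Requires the app registration to emit group names.`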