Auth: Add development manual override (#55496) (#55544)

* Auth: Add development manual override * rename to disable_sync_lock (cherry picked from commit 006944a)
grafana · Sep 21, 2022 · 06b71c2 · 06b71c2
1 parent 80784cb
commit 06b71c2
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 3 deletions.
diff --git a/packages/grafana-data/src/types/config.ts b/packages/grafana-data/src/types/config.ts
@@ -221,4 +221,5 @@ export interface GrafanaConfig {
 export interface AuthSettings {
   OAuthSkipOrgRoleUpdateSync?: boolean;
   SAMLSkipOrgRoleSync?: boolean;
+  DisableSyncLock?: boolean;
 }
diff --git a/pkg/api/frontendsettings.go b/pkg/api/frontendsettings.go
@@ -138,6 +138,7 @@ func (hs *HTTPServer) getFrontendSettingsMap(c *models.ReqContext) (map[string]i
 		"auth": map[string]interface{}{
 			"OAuthSkipOrgRoleUpdateSync": hs.Cfg.OAuthSkipOrgRoleUpdateSync,
 			"SAMLSkipOrgRoleSync":        hs.Cfg.SectionWithEnvOverrides("auth.saml").Key("skip_org_role_sync").MustBool(false),
+			"DisableSyncLock":            hs.Cfg.DisableSyncLock,
 		},
 		"buildInfo": map[string]interface{}{
 			"hideVersion":   hideVersion,

diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
@@ -293,6 +293,7 @@ type Cfg struct {
 	BasicAuthEnabled             bool
 	AdminUser                    string
 	AdminPassword                string
+	DisableSyncLock              bool
 
 	// AWS Plugin Auth
 	AWSAllowedAuthProviders []string
@@ -1281,6 +1282,9 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
 		cfg.TokenRotationIntervalMinutes = 2
 	}
 
+	// Debug setting unlocking frontend auth sync lock. Users will still be reset on their next login.
+	cfg.DisableSyncLock = auth.Key("disable_sync_lock").MustBool(false)
+
 	DisableLoginForm = auth.Key("disable_login_form").MustBool(false)
 	DisableSignoutMenu = auth.Key("disable_signout_menu").MustBool(false)
 	OAuthAutoLogin = auth.Key("oauth_auto_login").MustBool(false)

diff --git a/public/app/features/admin/UserAdminPage.tsx b/public/app/features/admin/UserAdminPage.tsx
@@ -114,9 +114,10 @@ export class UserAdminPage extends PureComponent<Props> {
       user?.isExternal && user?.authLabels?.some((r) => SyncedOAuthLabels.includes(r));
     const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
     const isUserSynced =
-      (user?.isExternal && !(isOAuthUserWithSkippableSync || isSAMLUser)) ||
-      (!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
-      (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser);
+      !config.auth.DisableSyncLock &&
+      ((user?.isExternal && !(isOAuthUserWithSkippableSync || isSAMLUser)) ||
+        (!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
+        (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser));
 
     return (
       <Page navModel={navModel}>