Skip to content
This repository was archived by the owner on Jan 4, 2022. It is now read-only.

Commit 62d7b5e

Browse files
prachidamleAlena Prokharchyk
prachidamle
authored and
Alena Prokharchyk
committed
Validate TenantId while conbfiguring Azure auth
1 parent 6f7de0f commit 62d7b5e

File tree

1 file changed

+9
-1
lines changed
  • code/iaas/auth-logic/src/main/java/io/cattle/platform/iaas/api/auth/integration/azure

1 file changed

+9
-1
lines changed

code/iaas/auth-logic/src/main/java/io/cattle/platform/iaas/api/auth/integration/azure/AzureRESTClient.java

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -158,7 +158,15 @@ public String getAccessToken(String code) {
158158
Map<String, Object> jsonData = jsonMapper.readValue(response.getEntity().getContent());
159159
accessToken = ObjectUtils.toString(jsonData.get("access_token"));
160160
refreshToken = ObjectUtils.toString(jsonData.get("refresh_token"));
161-
161+
162+
//Also validate tenantID by issuing a search request for the user, if it errors we error out else login is successful
163+
String filter = "$filter=userPrincipalName%20eq%20'" + URLEncoder.encode(username, "UTF-8") + "'";
164+
HttpResponse newResponse = getFromAzure(accessToken, getURL(AzureClientEndpoints.USERS, "") + "&"+ filter);
165+
statusCode = newResponse.getStatusLine().getStatusCode();
166+
if(statusCode >= 300) {
167+
noAzure(newResponse);
168+
}
169+
162170
ApiContext.getContext().getApiRequest().setAttribute(AzureConstants.AZURE_ACCESS_TOKEN, accessToken);
163171
ApiContext.getContext().getApiRequest().setAttribute(AzureConstants.AZURE_REFRESH_TOKEN, refreshToken);
164172

0 commit comments

Comments
 (0)