
Commit 005a89c

hugoShakazmb3rosstimothy
authored
[v17] Fix panic when listing malformed SSO users in web UI (#54681)
* Fix panic when listing malformed SSO users in web UI * Update lib/web/ui/user.go Co-authored-by: Zac Bergquist <[email protected]> * fixup! Update lib/web/ui/user.go * Update lib/web/ui/user.go Co-authored-by: rosstimothy <[email protected]> --------- Co-authored-by: Zac Bergquist <[email protected]> Co-authored-by: rosstimothy <[email protected]>
1 parent 2eed3af commit 005a89c


2 files changed

+34
-1
lines changed


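--- a/lib/web/ui/user.go
+++ b/lib/web/ui/user.go
@@ -62,6 +62,10 @@ type userTraits struct {
 AWSRoleARNs []string `json:"awsRoleArns,omitempty"`
 }
 
+// unknownSSOAUthType is used when we know the user is from SSO, but we don't
+// know the SSO connector name or type.
+const unknownSSOAuthType = "unknown SSO"
+
 // User contains data needed by the web UI to display locally saved users.
 type User struct {
 UserListEntry
@@ -76,7 +80,11 @@ func NewUserListEntry(teleUser types.User) (*UserListEntry, error) {
 
 authType := "local"
 if teleUser.GetUserType() == types.UserTypeSSO {
-authType = teleUser.GetCreatedBy().Connector.Type
+// Gracefully handle a malformed SSO user that doesn't have a "CreatedBy"
+authType = unknownSSOAuthType
+if connector := teleUser.GetCreatedBy().Connector; connector != nil {
+authType = connector.Type
+}
 }
 
 return &UserListEntry{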
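Review bot: In the second hunk the nil check covers a missing `Connector`, but a connector that is present with an empty `Type` still produces an empty auth type in the listing; `if connector := teleUser.GetCreatedBy().Connector; connector != nil && connector.Type != "" {` would send that case to `unknownSSOAuthType` as well. The record is reported as "unknown SSO" without any trace for operators, so a log line naming the user at this point would help them find and repair (or investigate) an SSO-typed user that has no recorded creator. The inline comment says the user lacks a "CreatedBy" while the code tests the `Connector` pointer, and the doc comment in the first hunk spells the constant `unknownSSOAUthType`; both are worth aligning with the code. NewUserListEntry's body starts and ends outside the hunk.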

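--- a/lib/web/ui/user_test.go
+++ b/lib/web/ui/user_test.go
@@ -59,6 +59,31 @@ func TestNewUserListEntry(t *testing.T) {
 },
 },
 },
+{
+name: "malformed sso",
+user: &types.UserV2{
+Metadata: types.Metadata{
+Name: "malformed-sso",
+},
+Spec: types.UserSpecV2{
+Roles: []string{"behavioral-analyst"},
+// CreatedBy is not set BUT there's a GitHub identity, so the user's type will be SSO
+GithubIdentities: []types.ExternalIdentity{
+{
+ConnectorID: "github",
+Username: "malformed-sso",
+UserID: "malformed-sso",
+},
+},
+},
+},
+want: &UserListEntry{
+Name: "malformed-sso",
+Roles: []string{"behavioral-analyst"},
+// We should not panic and display that we don't know who created the user
+AuthType: unknownSSOAuthType,
+},
+},
 }
 
 for _, tt := range tests {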
