Skip 404 errors when looking up Google groups

When checking user membership against Google groups the groups are checked one
at a time and in the order that they were supplied. If one of the groups does
not exist then the checking is halted with the following error.

google.go:201: googleapi: Error 404: Resource Not Found: groupKey, notFound

None of the groups following the missing group are checked either. This means
that something as trivial as a typo in the first group will make it impossible
for anybody to login.

This change catches the 404, logs a message, and then carries on as usual. In
this way a typo will cause a particular group to stop working but will not
affect any other groups.
This commit is contained in:
Eskil Andreen 2017-03-28 15:58:18 +02:00
parent 712739f777
commit 652f43ed38

View File

@ -17,6 +17,7 @@ import (
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
"google.golang.org/api/admin/directory/v1"
"google.golang.org/api/googleapi"
)
type GoogleProvider struct {
@ -197,9 +198,13 @@ func userInGroup(service *admin.Service, groups []string, email string) bool {
for _, group := range groups {
members, err := fetchGroupMembers(service, group)
if err != nil {
if err, ok := err.(*googleapi.Error); ok && err.Code == 404 {
log.Printf("error fetching members for group %s: group does not exist", group)
} else {
log.Printf("error fetching group members: %v", err)
return false
}
}
for _, member := range members {
switch member.Type {