
check if user exists, handle oauth not configured for host SSO

abhishek9686 1 yıl önce
ebeveyn
işleme
b2811c6e3e
2 değiştirilmiş dosya ile 14 ekleme ve 4 silme
  1. 4 3
      auth/host_session.go
  2. 10 1
      auth/register_callback.go

+ 4 - 3
auth/host_session.go

@@ -64,9 +64,7 @@ func SessionHandler(conn *websocket.Conn) {
 	answer := make(chan netcache.CValue, 1)
 	defer close(answer)
 	defer close(timeout)
-	fmt.Println("-------> HEREEEE1")
 	if len(registerMessage.User) > 0 { // handle basic auth
-		fmt.Println("-------> HEREEEE2")
 		logger.Log(0, "user registration attempted with host:", registerMessage.RegisterHost.Name, "user:", registerMessage.User)
 
 		if !servercfg.IsBasicAuthEnabled() {
@@ -111,8 +109,11 @@ func SessionHandler(conn *websocket.Conn) {
 			return
 		}
 	} else { // handle SSO / OAuth
-		fmt.Println("-------> HEREEEE3")
 		if auth_provider == nil {
+			err = conn.WriteMessage(messageType, []byte("Oauth not configured"))
+			if err != nil {
+				logger.Log(0, "error during message writing:", err.Error())
+			}
 			err = conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, ""))
 			if err != nil {
 				logger.Log(0, "error during message writing:", err.Error())
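Review bot: The two write-failure logs in the `auth_provider == nil` branch carry the same text, so a log reader cannot tell whether the new "Oauth not configured" notice or the close frame failed. Give the added one its own message, for example `logger.Log(0, "failed to notify host that oauth is not configured:", err.Error())`. A short comment above the new write, such as `// tell the client why the session is being closed before sending the close frame`, would also record why two writes are needed. `messageType` is defined outside this hunk and SessionHandler's body continues past it, so the frame type used for the notice could not be checked here.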

+ 10 - 1
auth/register_callback.go

@@ -68,7 +68,16 @@ func HandleHostSSOCallback(w http.ResponseWriter, r *http.Request) {
 		w.Write(response)
 		return
 	}
-
+	// check if user exists
+	user, err := logic.GetUser(userClaims.getUserName())
+	if err != nil {
+		handleOauthUserNotFound(w)
+		return
+	}
+	if !user.IsAdmin || !user.IsSuperAdmin {
+		handleOauthUserNotAllowed(w)
+		return
+	}
 	logger.Log(1, "registering host for user:", userClaims.getUserName(), reqKeyIf.Host.Name, reqKeyIf.Host.ID.String())
 
 	// Send OK to user in the browser
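Review bot: The role check `if !user.IsAdmin || !user.IsSuperAdmin {` rejects every user who does not hold both flags, so an admin who is not also a super-admin is sent to handleOauthUserNotAllowed. If either role is meant to be sufficient, the condition should be `if !user.IsAdmin && !user.IsSuperAdmin {`. As written it fails closed, so the effect is a lockout of legitimate admins rather than an authorization bypass, but a test covering each role combination is worth adding. Separately, any error from `logic.GetUser` is reported to the browser as user-not-found and then dropped; logging it first, e.g. `logger.Log(0, "host SSO: user lookup failed:", err.Error())`, would keep a store failure distinguishable from a genuinely unknown user. HandleHostSSOCallback starts and ends outside this hunk.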