diff --git a/docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md b/docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md index 9d92aaa5e9d..ac71e3aedb6 100644 --- a/docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md +++ b/docs/sources/setup-grafana/configure-security/configure-authentication/github/index.md @@ -79,7 +79,7 @@ The table below describes all GitHub OAuth configuration options. Like any other | `skip_org_role_sync` | No | Set to `true` to stop automatically syncing user roles. | `false` | | `allowed_organizations` | No | List of comma- or space-separated organizations. User must be a member of at least one organization to log in. | | | `allowed_domains` | No | List of comma- or space-separated domains. User must belong to at least one domain to log in. | | -| `team_ids` | No | String list of team IDs. If set, user has to be a member of one of the given teams to log in. | | +| `team_ids` | No | Integer list of team IDs. If set, user has to be a member of one of the given teams to log in. | | | `tls_skip_verify_insecure` | No | If set to `true`, the client accepts any certificate presented by the server and any host name in that certificate. _You should only use this for testing_, because this mode leaves SSL/TLS susceptible to man-in-the-middle attacks. | `false` | | `tls_client_cert` | No | The path to the certificate. | | | `tls_client_key` | No | The path to the key. | | diff --git a/pkg/login/social/connectors/github_oauth.go b/pkg/login/social/connectors/github_oauth.go index 881952ce7a7..b1210a989e7 100644 --- a/pkg/login/social/connectors/github_oauth.go +++ b/pkg/login/social/connectors/github_oauth.go @@ -56,7 +56,8 @@ var ( ) func NewGitHubProvider(info *social.OAuthInfo, cfg *setting.Cfg, ssoSettings ssosettings.Service, features *featuremgmt.FeatureManager) *SocialGithub { - teamIds := mustInts(util.SplitString(info.Extra[teamIdsKey])) + teamIdsSplitted := util.SplitString(info.Extra[teamIdsKey]) + teamIds := mustInts(teamIdsSplitted) config := createOAuthConfig(info, cfg, social.GitHubProviderName) provider := &SocialGithub{ @@ -69,6 +70,10 @@ func NewGitHubProvider(info *social.OAuthInfo, cfg *setting.Cfg, ssoSettings sso // skipOrgRoleSync: info.SkipOrgRoleSync } + if len(teamIdsSplitted) != len(teamIds) { + provider.log.Warn("Failed to parse team ids. Team ids must be a list of numbers.", "teamIds", teamIdsSplitted) + } + if features.IsEnabledGlobally(featuremgmt.FlagSsoSettingsApi) { ssoSettings.RegisterReloadable(social.GitHubProviderName, provider) } @@ -342,7 +347,6 @@ func mustInts(s []string) []int { for _, v := range s { num, err := strconv.Atoi(v) if err != nil { - // TODO: add log here return []int{} } result = append(result, num)