authenticate: update user info dashboard to show group info for enterprise (#3736)

* authenticate: update user info dashboard to show group info for enterprise * Update ui/src/components/GroupDetails.tsx Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2025-08-03 16:59:22 +02:00 · 2022-11-09 07:44:35 -07:00 · 2022-11-09 07:44:35 -07:00 · 2b319822a4
commit 2b319822a4
parent 45ce6f693a
8 changed files with 118 additions and 26 deletions
--- a/authenticate/handlers.go
+++ b/authenticate/handlers.go
@ -17,6 +17,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"

 	"github.com/pomerium/csrf"
+	"github.com/pomerium/datasource/pkg/directory"
 	"github.com/pomerium/pomerium/authenticate/handlers"
 	"github.com/pomerium/pomerium/authenticate/handlers/webauthn"
 	"github.com/pomerium/pomerium/internal/httputil"
@ -545,7 +546,7 @@ func (a *Authenticate) getUserInfoData(r *http.Request) (handlers.UserInfoData,
 	}
 	creationOptions, requestOptions, _ := a.webauthn.GetOptions(r.Context())

-	return handlers.UserInfoData{
+	data := handlers.UserInfoData{
 		CSRFToken:      csrf.Token(r),
 		IsImpersonated: isImpersonated,
 		Session:        pbSession,
@ -556,7 +557,33 @@ func (a *Authenticate) getUserInfoData(r *http.Request) (handlers.UserInfoData,
 		WebAuthnURL:             urlutil.WebAuthnURL(r, authenticateURL, state.sharedKey, r.URL.Query()),

 		BrandingOptions: a.options.Load().BrandingOptions,
-	}, nil
+	}
+	a.fillEnterpriseUserInfoData(r.Context(), &data, pbSession.GetUserId())
+	return data, nil
+}
+
+func (a *Authenticate) fillEnterpriseUserInfoData(
+	ctx context.Context,
+	dst *handlers.UserInfoData,
+	userID string,
+) {
+	client := a.state.Load().dataBrokerClient
+
+	res, _ := client.Get(ctx, &databroker.GetRequest{Type: "type.googleapis.com/pomerium.config.Config", Id: "dashboard"})
+	dst.IsEnterprise = res.GetRecord() != nil
+	if !dst.IsEnterprise {
+		return
+	}
+
+	dst.DirectoryUser, _ = databroker.GetViaJSON[directory.User](ctx, client, directory.UserRecordType, userID)
+	if dst.DirectoryUser != nil {
+		for _, groupID := range dst.DirectoryUser.GroupIDs {
+			directoryGroup, _ := databroker.GetViaJSON[directory.Group](ctx, client, directory.GroupRecordType, groupID)
+			if directoryGroup != nil {
+				dst.DirectoryGroups = append(dst.DirectoryGroups, directoryGroup)
+			}
+		}
+	}
 }

 func (a *Authenticate) saveSessionToDataBroker(
--- a/authenticate/handlers/userinfo.go
+++ b/authenticate/handlers/userinfo.go
@ -6,6 +6,7 @@ import (

 	"google.golang.org/protobuf/encoding/protojson"

+	"github.com/pomerium/datasource/pkg/directory"
 	"github.com/pomerium/pomerium/internal/httputil"
 	"github.com/pomerium/pomerium/pkg/grpc/session"
 	"github.com/pomerium/pomerium/pkg/grpc/user"
@ -20,6 +21,10 @@ type UserInfoData struct {
 	Session        *session.Session
 	User           *user.User

+	IsEnterprise    bool
+	DirectoryUser   *directory.User
+	DirectoryGroups []*directory.Group
+
 	WebAuthnCreationOptions *webauthn.PublicKeyCredentialCreationOptions
 	WebAuthnRequestOptions  *webauthn.PublicKeyCredentialRequestOptions
 	WebAuthnURL             string
@ -38,6 +43,13 @@ func (data UserInfoData) ToJSON() map[string]any {
 	if bs, err := protojson.Marshal(data.User); err == nil {
 		m["user"] = json.RawMessage(bs)
 	}
+	m["isEnterprise"] = data.IsEnterprise
+	if data.DirectoryUser != nil {
+		m["directoryUser"] = data.DirectoryUser
+	}
+	if len(data.DirectoryGroups) > 0 {
+		m["directoryGroups"] = data.DirectoryGroups
+	}
 	m["webAuthnCreationOptions"] = data.WebAuthnCreationOptions
 	m["webAuthnRequestOptions"] = data.WebAuthnRequestOptions
 	m["webAuthnUrl"] = data.WebAuthnURL