feat: set groups based on Azure groups (#7736)

Co-authored-by: Ole Christian Tvedt <ole.christian.tvedt@defa.com>

server/modules/authentication/azure/authentication.js

@@ -48,6 +48,19 @@ module.exports = {
               picture: ''
             }
           })
+          if (conf.mapGroups) {
+            const groups = _.get(profile, '_json.groups')
+            if (groups && _.isArray(groups)) {
+              const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)
+              const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)
+              for (const groupId of _.difference(expectedGroups, currentGroups)) {
+                await user.$relatedQuery('groups').relate(groupId)
+              }
+              for (const groupId of _.difference(currentGroups, expectedGroups)) {
+                await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
+              }
+            }
+          }
           cb(null, user)
         } catch (err) {
           cb(err, null)

server/modules/authentication/azure/definition.yml

@@ -27,3 +27,9 @@ props:
     title: Cookie Encryption Key String
     hint: Random string with 44-character length.  Setting this enables workaround for Chrome's SameSite cookies.
     order: 3
+  mapGroups:
+    type: Boolean
+    title: Map Groups
+    hint: Map groups matching names from the groups claim value
+    default: false
+    order: 4