Populate links response with organiation on JWT

server/auth.go

@@ -11,6 +11,13 @@ import (
 	"github.com/influxdata/chronograf/roles"
 )
 
+// HasAuthorizedToken extracts the token from a request and validates it using the authenticator.
+// It is used by routes that need access to the token to populate links request.
+func HasAuthorizedToken(auth oauth2.Authenticator, r *http.Request) (oauth2.Principal, error) {
+	ctx := r.Context()
+	return auth.Validate(ctx, r)
+}
+
 // AuthorizedToken extracts the token and validates; if valid the next handler
 // will be run.  The principal will be sent to the next handler via the request's
 // Context.  It is up to the next handler to determine if the principal has access.

server/mux.go

@@ -279,8 +279,12 @@ func NewMux(opts MuxOpts, service Service) http.Handler {
 		CustomLinks: opts.CustomLinks,
 	}
 
-	allRoutes.Middleware = EnsureMember
-	router.Handler("GET", "/chronograf/v1/", AuthorizedToken(opts.Auth, opts.Logger, allRoutes))
+	getPrincipal := func(r *http.Request) oauth2.Principal {
+		p, _ := HasAuthorizedToken(opts.Auth, r)
+		return p
+	}
+	allRoutes.GetPrincipal = getPrincipal
+	router.Handler("GET", "/chronograf/v1/", allRoutes)
 
 	var out http.Handler
 

server/routes.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"github.com/influxdata/chronograf"
+	"github.com/influxdata/chronograf/oauth2"
 )
 
 // AuthRoute are the routes for each type of OAuth2 provider
@@ -49,7 +50,7 @@ type getRoutesResponse struct {
 // external links for the client to know about, such as for JSON feeds or custom side nav buttons.
 // Optionally, routes for authentication can be returned.
 type AllRoutes struct {
-	Middleware  func(http.HandlerFunc) http.HandlerFunc
+	GetPrincipal func(r *http.Request) oauth2.Principal // GetPrincipal is used to retrieve the principal on http request.
 	AuthRoutes   []AuthRoute                            // Location of all auth routes. If no auth, this can be empty.
 	LogoutLink   string                                 // Location of the logout route for all auth routes. If no auth, this can be empty.
 	StatusFeed   string                                 // External link to the JSON Feed for the News Feed on the client's Status Page
@@ -57,17 +58,8 @@ type AllRoutes struct {
 	Logger       chronograf.Logger
 }
 
-// ServeHTTP returns all top level routes and external links within chronograf
-func (s *AllRoutes) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	if s.Middleware != nil {
-		s.Middleware(s.serveHTTP)(w, r)
-		return
-	}
-	s.serveHTTP(w, r)
-}
-
 // serveHTTP returns all top level routes and external links within chronograf
-func (a *AllRoutes) serveHTTP(w http.ResponseWriter, r *http.Request) {
+func (a *AllRoutes) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	customLinks, err := NewCustomLinks(a.CustomLinks)
 	if err != nil {
 		Error(w, http.StatusInternalServerError, err.Error(), a.Logger)
@@ -75,8 +67,12 @@ func (a *AllRoutes) serveHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 
 	org := "default"
-	if contextOrg, ok := hasOrganizationContext(r.Context()); ok {
-		org = contextOrg
+	if a.GetPrincipal != nil {
+		// If there is a principal, use the organization to populate the users routes
+		// otherwise use the default organization
+		if p := a.GetPrincipal(r); p.Organization != "" {
+			org = p.Organization
+		}
 	}
 
 	routes := getRoutesResponse{