Revert ClaimMapping struct
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
parent
14a0aecc81
commit
2b6bb1997c
@ -61,19 +61,16 @@ type Config struct {
|
|||||||
// This setting allows you to override the default behavior of Dex and enforce the mappings defined in `claimMapping`.
|
// This setting allows you to override the default behavior of Dex and enforce the mappings defined in `claimMapping`.
|
||||||
OverrideClaimMapping bool `json:"overrideClaimMapping"` // defaults to false
|
OverrideClaimMapping bool `json:"overrideClaimMapping"` // defaults to false
|
||||||
|
|
||||||
ClaimMapping ClaimMapping `json:"claimMapping"`
|
ClaimMapping struct {
|
||||||
}
|
// Configurable key which contains the preferred username claims
|
||||||
|
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
|
||||||
|
|
||||||
type ClaimMapping struct {
|
// Configurable key which contains the email claims
|
||||||
|
EmailKey string `json:"email"` // defaults to "email"
|
||||||
|
|
||||||
// Configurable key which contains the preferred username claims
|
// Configurable key which contains the groups claims
|
||||||
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
|
GroupsKey string `json:"groups"` // defaults to "groups"
|
||||||
|
} `json:"claimMapping"`
|
||||||
// Configurable key which contains the email claims
|
|
||||||
EmailKey string `json:"email"` // defaults to "email"
|
|
||||||
|
|
||||||
// Configurable key which contains the groups claims
|
|
||||||
GroupsKey string `json:"groups"` // defaults to "groups"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal
|
||||||
@ -162,7 +159,9 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
|
|||||||
userIDKey: c.UserIDKey,
|
userIDKey: c.UserIDKey,
|
||||||
userNameKey: c.UserNameKey,
|
userNameKey: c.UserNameKey,
|
||||||
overrideClaimMapping: c.OverrideClaimMapping,
|
overrideClaimMapping: c.OverrideClaimMapping,
|
||||||
claimMapping: c.ClaimMapping,
|
preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey,
|
||||||
|
emailKey: c.ClaimMapping.EmailKey,
|
||||||
|
groupsKey: c.ClaimMapping.GroupsKey,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -186,7 +185,9 @@ type oidcConnector struct {
|
|||||||
userIDKey string
|
userIDKey string
|
||||||
userNameKey string
|
userNameKey string
|
||||||
overrideClaimMapping bool
|
overrideClaimMapping bool
|
||||||
claimMapping ClaimMapping
|
preferredUsernameKey string
|
||||||
|
emailKey string
|
||||||
|
groupsKey string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *oidcConnector) Close() error {
|
func (c *oidcConnector) Close() error {
|
||||||
@ -296,8 +297,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
|
|||||||
|
|
||||||
prefUsername := "preferred_username"
|
prefUsername := "preferred_username"
|
||||||
preferredUsername, found := claims[prefUsername].(string)
|
preferredUsername, found := claims[prefUsername].(string)
|
||||||
if (!found || c.overrideClaimMapping) && c.claimMapping.PreferredUsernameKey != "" {
|
if (!found || c.overrideClaimMapping) && c.preferredUsernameKey != "" {
|
||||||
prefUsername = c.claimMapping.PreferredUsernameKey
|
prefUsername = c.preferredUsernameKey
|
||||||
preferredUsername, found = claims[prefUsername].(string)
|
preferredUsername, found = claims[prefUsername].(string)
|
||||||
if !found {
|
if !found {
|
||||||
return identity, fmt.Errorf("missing \"%s\" claim", prefUsername)
|
return identity, fmt.Errorf("missing \"%s\" claim", prefUsername)
|
||||||
@ -315,8 +316,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
|
|||||||
var email string
|
var email string
|
||||||
emailKey := "email"
|
emailKey := "email"
|
||||||
email, found = claims[emailKey].(string)
|
email, found = claims[emailKey].(string)
|
||||||
if (!found || c.overrideClaimMapping) && c.claimMapping.EmailKey != "" {
|
if (!found || c.overrideClaimMapping) && c.emailKey != "" {
|
||||||
emailKey = c.claimMapping.EmailKey
|
emailKey = c.emailKey
|
||||||
email, found = claims[emailKey].(string)
|
email, found = claims[emailKey].(string)
|
||||||
if !found {
|
if !found {
|
||||||
return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
|
return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
|
||||||
@ -340,8 +341,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
|
|||||||
if c.insecureEnableGroups {
|
if c.insecureEnableGroups {
|
||||||
groupsKey := "groups"
|
groupsKey := "groups"
|
||||||
vs, found := claims[groupsKey].([]interface{})
|
vs, found := claims[groupsKey].([]interface{})
|
||||||
if (!found || c.overrideClaimMapping) && c.claimMapping.GroupsKey != "" {
|
if (!found || c.overrideClaimMapping) && c.groupsKey != "" {
|
||||||
groupsKey = c.claimMapping.GroupsKey
|
groupsKey = c.groupsKey
|
||||||
vs, found = claims[groupsKey].([]interface{})
|
vs, found = claims[groupsKey].([]interface{})
|
||||||
}
|
}
|
||||||
|
|
||||||
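Review bot: The field comments on the anonymous `ClaimMapping` struct (`// defaults to "groups"` and its siblings) do not say when a configured key is actually used, and the `createIdentity` conditions that now read `c.preferredUsernameKey`, `c.emailKey` and `c.groupsKey` make that precedence easy to misjudge. With `OverrideClaimMapping` left at its default of false, `(!found || c.overrideClaimMapping) && c.groupsKey != ""` consults the custom key only when the token has no `groups` claim that asserts to `[]interface{}`, so a standard claim sent by the provider wins over the operator's mapping. Since group membership usually feeds downstream authorization decisions, I would state this on each field, for example `// GroupsKey is read only when the token has no usable "groups" claim, unless overrideClaimMapping is true.` `createIdentity` starts and ends outside these hunks, so what happens when the groups lookup still fails is not visible here.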
|
@ -50,7 +50,9 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
userIDKey string
|
userIDKey string
|
||||||
userNameKey string
|
userNameKey string
|
||||||
overrideClaimMapping bool
|
overrideClaimMapping bool
|
||||||
claimMapping ClaimMapping
|
preferredUsernameKey string
|
||||||
|
emailKey string
|
||||||
|
groupsKey string
|
||||||
insecureSkipEmailVerified bool
|
insecureSkipEmailVerified bool
|
||||||
scopes []string
|
scopes []string
|
||||||
expectUserID string
|
expectUserID string
|
||||||
@ -77,12 +79,10 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "customEmailClaim",
|
name: "customEmailClaim",
|
||||||
userIDKey: "", // not configured
|
userIDKey: "", // not configured
|
||||||
userNameKey: "", // not configured
|
userNameKey: "", // not configured
|
||||||
claimMapping: ClaimMapping{
|
emailKey: "mail",
|
||||||
EmailKey: "mail",
|
|
||||||
},
|
|
||||||
expectUserID: "subvalue",
|
expectUserID: "subvalue",
|
||||||
expectUserName: "namevalue",
|
expectUserName: "namevalue",
|
||||||
expectedEmailField: "emailvalue",
|
expectedEmailField: "emailvalue",
|
||||||
@ -98,16 +98,14 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
userIDKey: "", // not configured
|
userIDKey: "", // not configured
|
||||||
userNameKey: "", // not configured
|
userNameKey: "", // not configured
|
||||||
overrideClaimMapping: true,
|
overrideClaimMapping: true,
|
||||||
claimMapping: ClaimMapping{
|
emailKey: "custommail",
|
||||||
EmailKey: "custommail",
|
expectUserID: "subvalue",
|
||||||
},
|
expectUserName: "namevalue",
|
||||||
expectUserID: "subvalue",
|
expectedEmailField: "customemailvalue",
|
||||||
expectUserName: "namevalue",
|
|
||||||
expectedEmailField: "customemailvalue",
|
|
||||||
token: map[string]interface{}{
|
token: map[string]interface{}{
|
||||||
"sub": "subvalue",
|
"sub": "subvalue",
|
||||||
"name": "namevalue",
|
"name": "namevalue",
|
||||||
"mail": "emailvalue",
|
"email": "emailvalue",
|
||||||
"custommail": "customemailvalue",
|
"custommail": "customemailvalue",
|
||||||
"email_verified": true,
|
"email_verified": true,
|
||||||
},
|
},
|
||||||
@ -151,10 +149,8 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "withPreferredUsernameKey",
|
name: "withPreferredUsernameKey",
|
||||||
claimMapping: ClaimMapping{
|
preferredUsernameKey: "username_key",
|
||||||
PreferredUsernameKey: "username_key",
|
|
||||||
},
|
|
||||||
expectUserID: "subvalue",
|
expectUserID: "subvalue",
|
||||||
expectUserName: "namevalue",
|
expectUserName: "namevalue",
|
||||||
expectPreferredUsername: "username_value",
|
expectPreferredUsername: "username_value",
|
||||||
@ -222,10 +218,8 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "customGroupsKey",
|
name: "customGroupsKey",
|
||||||
claimMapping: ClaimMapping{
|
groupsKey: "cognito:groups",
|
||||||
GroupsKey: "cognito:groups",
|
|
||||||
},
|
|
||||||
expectUserID: "subvalue",
|
expectUserID: "subvalue",
|
||||||
expectUserName: "namevalue",
|
expectUserName: "namevalue",
|
||||||
expectedEmailField: "emailvalue",
|
expectedEmailField: "emailvalue",
|
||||||
@ -241,10 +235,8 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "customGroupsKeyButGroupsProvided",
|
name: "customGroupsKeyButGroupsProvided",
|
||||||
claimMapping: ClaimMapping{
|
groupsKey: "cognito:groups",
|
||||||
GroupsKey: "cognito:groups",
|
|
||||||
},
|
|
||||||
expectUserID: "subvalue",
|
expectUserID: "subvalue",
|
||||||
expectUserName: "namevalue",
|
expectUserName: "namevalue",
|
||||||
expectedEmailField: "emailvalue",
|
expectedEmailField: "emailvalue",
|
||||||
@ -261,11 +253,9 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "customGroupsKeyButGroupsProvidedButOverride",
|
name: "customGroupsKeyButGroupsProvidedButOverride",
|
||||||
overrideClaimMapping: true,
|
overrideClaimMapping: true,
|
||||||
claimMapping: ClaimMapping{
|
groupsKey: "cognito:groups",
|
||||||
GroupsKey: "cognito:groups",
|
|
||||||
},
|
|
||||||
expectUserID: "subvalue",
|
expectUserID: "subvalue",
|
||||||
expectUserName: "namevalue",
|
expectUserName: "namevalue",
|
||||||
expectedEmailField: "emailvalue",
|
expectedEmailField: "emailvalue",
|
||||||
@ -312,7 +302,9 @@ func TestHandleCallback(t *testing.T) {
|
|||||||
BasicAuthUnsupported: &basicAuth,
|
BasicAuthUnsupported: &basicAuth,
|
||||||
OverrideClaimMapping: tc.overrideClaimMapping,
|
OverrideClaimMapping: tc.overrideClaimMapping,
|
||||||
}
|
}
|
||||||
config.ClaimMapping = tc.claimMapping
|
config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
|
||||||
|
config.ClaimMapping.EmailKey = tc.emailKey
|
||||||
|
config.ClaimMapping.GroupsKey = tc.groupsKey
|
||||||
|
|
||||||
conn, err := newConnector(config)
|
conn, err := newConnector(config)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
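Review bot: None of the table cases visible in these hunks combines `overrideClaimMapping: true` with a mapped key that is absent from the token, so the fail-closed branch in `createIdentity` (`missing "%s" claim`) is not pinned for the flattened `emailKey` and `preferredUsernameKey` fields. The table continues outside the hunks shown, so such a case may already exist. If it does not, I would add one with `overrideClaimMapping: true`, `emailKey: "custommail"` and a token that carries only `"email"`, and check that the callback fails instead of falling back to the default claim. A matching groups case (override on, `groupsKey` set, token carrying only `"groups"`) would pin that the standard claim is not picked up when enforcement is requested.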
|