k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Make oauth user name and user id configurable

Browse Source 
Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
This commit is contained in:
Josh Winters
2019-02-27 14:59:44 -05:00
committed by Rui Yang
parent 9284ffb8c0
commit a087c05ebf
2 changed files with 28 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
connector/oauth/oauth.go
View File

@@ -28,6 +28,8 @@ type oauthConnector struct {
userInfoURL string userInfoURL string
scopes []string scopes []string
groupsKey string groupsKey string
userIDKey string
userNameKey string
httpClient *http.Client httpClient *http.Client
logger log.Logger logger log.Logger
} }
@@ -45,6 +47,8 @@ type Config struct {
UserInfoURL string `json:"userInfoURL"` UserInfoURL string `json:"userInfoURL"`
Scopes []string `json:"scopes"` Scopes []string `json:"scopes"`
GroupsKey string `json:"groupsKey"` GroupsKey string `json:"groupsKey"`
UserIDKey string `json:"userIDKey"`
UserNameKey string `json:"userNameKey"`
RootCAs []string `json:"rootCAs"` RootCAs []string `json:"rootCAs"`
InsecureSkipVerify bool `json:"insecureSkipVerify"` InsecureSkipVerify bool `json:"insecureSkipVerify"`
} }
@@ -60,6 +64,8 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
userInfoURL: c.UserInfoURL, userInfoURL: c.UserInfoURL,
scopes: c.Scopes, scopes: c.Scopes,
groupsKey: c.GroupsKey, groupsKey: c.GroupsKey,
userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey,
redirectURI: c.RedirectURI, redirectURI: c.RedirectURI,
logger: logger, logger: logger,
} }
@@ -165,17 +171,25 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err) return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
} }
identity.UserID, _ = userInfoResult["user_id"].(string) if c.userIDKey == "" {
c.userIDKey = "user_id"
}
if c.userNameKey == "" {
c.userNameKey = "user_name"
}
if c.groupsKey == "" {
c.groupsKey = "groups"
}
identity.UserID, _ = userInfoResult[c.userIDKey].(string)
identity.Username, _ = userInfoResult[c.userNameKey].(string)
identity.Name, _ = userInfoResult["name"].(string) identity.Name, _ = userInfoResult["name"].(string)
identity.Username, _ = userInfoResult["user_name"].(string)
identity.Email, _ = userInfoResult["email"].(string) identity.Email, _ = userInfoResult["email"].(string)
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool) identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
if s.Groups { if s.Groups {
if c.groupsKey == "" {
c.groupsKey = "groups"
}
groups := map[string]bool{} groups := map[string]bool{}
c.addGroupsFromMap(groups, userInfoResult) c.addGroupsFromMap(groups, userInfoResult)

12
connector/oauth/oauth_test.go
View File

@@ -72,8 +72,8 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
userInfoClaims := map[string]interface{}{ userInfoClaims := map[string]interface{}{
"name": "test-name", "name": "test-name",
"user_name": "test-username", "user_id_key": "test-user-id",
"user_id": "test-user-id", "user_name_key": "test-username",
"email": "test-email", "email": "test-email",
"email_verified": true, "email_verified": true,
"groups_key": []string{"admin-group", "user-group"}, "groups_key": []string{"admin-group", "user-group"},
@@ -93,6 +93,7 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
expectEqual(t, identity.Groups[0], "admin-group") expectEqual(t, identity.Groups[0], "admin-group")
expectEqual(t, identity.Groups[1], "user-group") expectEqual(t, identity.Groups[1], "user-group")
expectEqual(t, identity.Name, "test-name") expectEqual(t, identity.Name, "test-name")
expectEqual(t, identity.UserID, "test-user-id")
expectEqual(t, identity.Username, "test-username") expectEqual(t, identity.Username, "test-username")
expectEqual(t, identity.Email, "test-email") expectEqual(t, identity.Email, "test-email")
expectEqual(t, identity.EmailVerified, true) expectEqual(t, identity.EmailVerified, true)
@@ -106,8 +107,8 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
userInfoClaims := map[string]interface{}{ userInfoClaims := map[string]interface{}{
"name": "test-name", "name": "test-name",
"user_name": "test-username", "user_id_key": "test-user-id",
"user_id": "test-user-id", "user_name_key": "test-username",
"email": "test-email", "email": "test-email",
"email_verified": true, "email_verified": true,
} }
@@ -124,6 +125,7 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
expectEqual(t, len(identity.Groups), 1) expectEqual(t, len(identity.Groups), 1)
expectEqual(t, identity.Groups[0], "test-group") expectEqual(t, identity.Groups[0], "test-group")
expectEqual(t, identity.Name, "test-name") expectEqual(t, identity.Name, "test-name")
expectEqual(t, identity.UserID, "test-user-id")
expectEqual(t, identity.Username, "test-username") expectEqual(t, identity.Username, "test-username")
expectEqual(t, identity.Email, "test-email") expectEqual(t, identity.Email, "test-email")
expectEqual(t, identity.EmailVerified, true) expectEqual(t, identity.EmailVerified, true)
@@ -197,6 +199,8 @@ func newConnector(t *testing.T, serverURL string) *oauthConnector {
UserInfoURL: serverURL + "/userinfo", UserInfoURL: serverURL + "/userinfo",
Scopes: []string{"openid", "groups"}, Scopes: []string{"openid", "groups"},
GroupsKey: "groups_key", GroupsKey: "groups_key",
UserIDKey: "user_id_key",
UserNameKey: "user_name_key",
} }
log := logrus.New() log := logrus.New()