diff --git a/Documentation/connectors/gitlab.md b/Documentation/connectors/gitlab.md index f85e24c7..74330148 100644 --- a/Documentation/connectors/gitlab.md +++ b/Documentation/connectors/gitlab.md @@ -33,4 +33,7 @@ connectors: # If `groups` is provided, this acts as a whitelist - only the user's GitLab groups that are in the configured `groups` below will go into the groups claim. Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated. groups: - my-group + # flag which will switch from using the internal GitLab id to the users handle (@mention) as the user id. + # It is possible for a user to change their own user name but it is very rare for them to do so + useLoginAsID: false ``` diff --git a/connector/github/github.go b/connector/github/github.go index 9093c6ad..35fe6b92 100644 --- a/connector/github/github.go +++ b/connector/github/github.go @@ -150,7 +150,7 @@ type githubConnector struct { teamNameField string // if set to true and no orgs are configured then connector loads all user claims (all orgs and team) loadAllGroups bool - // if set to true will use the users handle rather than their numeric id as the ID + // if set to true will use the user's handle rather than their numeric id as the ID useLoginAsID bool } diff --git a/connector/gitlab/gitlab.go b/connector/gitlab/gitlab.go index fde519a0..fca6fbf5 100644 --- a/connector/gitlab/gitlab.go +++ b/connector/gitlab/gitlab.go @@ -32,6 +32,7 @@ type Config struct { ClientSecret string `json:"clientSecret"` RedirectURI string `json:"redirectURI"` Groups []string `json:"groups"` + UseLoginAsID bool `json:"useLoginAsID"` } type gitlabUser struct { @@ -55,6 +56,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error) clientSecret: c.ClientSecret, logger: logger, groups: c.Groups, + useLoginAsID: c.UseLoginAsID, }, nil } @@ -76,6 +78,8 @@ type gitlabConnector struct { clientSecret string logger log.Logger httpClient *http.Client + // if set to true will use the user's handle rather than their numeric id as the ID + useLoginAsID bool } func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config { @@ -148,6 +152,9 @@ func (c *gitlabConnector) HandleCallback(s connector.Scopes, r *http.Request) (i Email: user.Email, EmailVerified: true, } + if c.useLoginAsID { + identity.UserID = user.Username + } if s.Groups { groups, err := c.getGroups(ctx, client, s.Groups, user.Username) diff --git a/connector/gitlab/gitlab_test.go b/connector/gitlab/gitlab_test.go index 4be5e0f2..f56621fb 100644 --- a/connector/gitlab/gitlab_test.go +++ b/connector/gitlab/gitlab_test.go @@ -104,7 +104,7 @@ func TestUsernameIncludedInFederatedIdentity(t *testing.T) { func TestLoginUsedAsIDWhenConfigured(t *testing.T) { s := newTestServer(map[string]interface{}{ - "/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs"}, + "/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs", Username: "joebloggs"}, "/oauth/token": map[string]interface{}{ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9", "expires_in": "30", @@ -121,11 +121,11 @@ func TestLoginUsedAsIDWhenConfigured(t *testing.T) { req, err := http.NewRequest("GET", hostURL.String(), nil) expectNil(t, err) - c := gitlabConnector{baseURL: s.URL, httpClient: newClient()} + c := gitlabConnector{baseURL: s.URL, httpClient: newClient(), useLoginAsID: true} identity, err := c.HandleCallback(connector.Scopes{Groups: true}, req) expectNil(t, err) - expectEquals(t, identity.UserID, "12345678") + expectEquals(t, identity.UserID, "joebloggs") expectEquals(t, identity.Username, "Joe Bloggs") }