connector/gitlab: implement useLoginAsID as in GitHub connector
This commit is contained in:
parent
6e98c04f9b
commit
ff34e570b4
@ -33,4 +33,7 @@ connectors:
|
|||||||
# If `groups` is provided, this acts as a whitelist - only the user's GitLab groups that are in the configured `groups` below will go into the groups claim. Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated.
|
# If `groups` is provided, this acts as a whitelist - only the user's GitLab groups that are in the configured `groups` below will go into the groups claim. Conversely, if the user is not in any of the configured `groups`, the user will not be authenticated.
|
||||||
groups:
|
groups:
|
||||||
- my-group
|
- my-group
|
||||||
|
# flag which will switch from using the internal GitLab id to the users handle (@mention) as the user id.
|
||||||
|
# It is possible for a user to change their own user name but it is very rare for them to do so
|
||||||
|
useLoginAsID: false
|
||||||
```
|
```
|
||||||
|
@ -150,7 +150,7 @@ type githubConnector struct {
|
|||||||
teamNameField string
|
teamNameField string
|
||||||
// if set to true and no orgs are configured then connector loads all user claims (all orgs and team)
|
// if set to true and no orgs are configured then connector loads all user claims (all orgs and team)
|
||||||
loadAllGroups bool
|
loadAllGroups bool
|
||||||
// if set to true will use the users handle rather than their numeric id as the ID
|
// if set to true will use the user's handle rather than their numeric id as the ID
|
||||||
useLoginAsID bool
|
useLoginAsID bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -32,6 +32,7 @@ type Config struct {
|
|||||||
ClientSecret string `json:"clientSecret"`
|
ClientSecret string `json:"clientSecret"`
|
||||||
RedirectURI string `json:"redirectURI"`
|
RedirectURI string `json:"redirectURI"`
|
||||||
Groups []string `json:"groups"`
|
Groups []string `json:"groups"`
|
||||||
|
UseLoginAsID bool `json:"useLoginAsID"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type gitlabUser struct {
|
type gitlabUser struct {
|
||||||
@ -55,6 +56,7 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
|
|||||||
clientSecret: c.ClientSecret,
|
clientSecret: c.ClientSecret,
|
||||||
logger: logger,
|
logger: logger,
|
||||||
groups: c.Groups,
|
groups: c.Groups,
|
||||||
|
useLoginAsID: c.UseLoginAsID,
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -76,6 +78,8 @@ type gitlabConnector struct {
|
|||||||
clientSecret string
|
clientSecret string
|
||||||
logger log.Logger
|
logger log.Logger
|
||||||
httpClient *http.Client
|
httpClient *http.Client
|
||||||
|
// if set to true will use the user's handle rather than their numeric id as the ID
|
||||||
|
useLoginAsID bool
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
|
func (c *gitlabConnector) oauth2Config(scopes connector.Scopes) *oauth2.Config {
|
||||||
@ -148,6 +152,9 @@ func (c *gitlabConnector) HandleCallback(s connector.Scopes, r *http.Request) (i
|
|||||||
Email: user.Email,
|
Email: user.Email,
|
||||||
EmailVerified: true,
|
EmailVerified: true,
|
||||||
}
|
}
|
||||||
|
if c.useLoginAsID {
|
||||||
|
identity.UserID = user.Username
|
||||||
|
}
|
||||||
|
|
||||||
if s.Groups {
|
if s.Groups {
|
||||||
groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
|
groups, err := c.getGroups(ctx, client, s.Groups, user.Username)
|
||||||
|
@ -104,7 +104,7 @@ func TestUsernameIncludedInFederatedIdentity(t *testing.T) {
|
|||||||
func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
|
func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
|
||||||
|
|
||||||
s := newTestServer(map[string]interface{}{
|
s := newTestServer(map[string]interface{}{
|
||||||
"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs"},
|
"/api/v4/user": gitlabUser{Email: "some@email.com", ID: 12345678, Name: "Joe Bloggs", Username: "joebloggs"},
|
||||||
"/oauth/token": map[string]interface{}{
|
"/oauth/token": map[string]interface{}{
|
||||||
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9",
|
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9",
|
||||||
"expires_in": "30",
|
"expires_in": "30",
|
||||||
@ -121,11 +121,11 @@ func TestLoginUsedAsIDWhenConfigured(t *testing.T) {
|
|||||||
req, err := http.NewRequest("GET", hostURL.String(), nil)
|
req, err := http.NewRequest("GET", hostURL.String(), nil)
|
||||||
expectNil(t, err)
|
expectNil(t, err)
|
||||||
|
|
||||||
c := gitlabConnector{baseURL: s.URL, httpClient: newClient()}
|
c := gitlabConnector{baseURL: s.URL, httpClient: newClient(), useLoginAsID: true}
|
||||||
identity, err := c.HandleCallback(connector.Scopes{Groups: true}, req)
|
identity, err := c.HandleCallback(connector.Scopes{Groups: true}, req)
|
||||||
|
|
||||||
expectNil(t, err)
|
expectNil(t, err)
|
||||||
expectEquals(t, identity.UserID, "12345678")
|
expectEquals(t, identity.UserID, "joebloggs")
|
||||||
expectEquals(t, identity.Username, "Joe Bloggs")
|
expectEquals(t, identity.Username, "Joe Bloggs")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user