Revert ClaimMapping struct

Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
Happy2C0de 2021-08-19 10:02:55 +02:00
parent 14a0aecc81
commit 2b6bb1997c
2 changed files with 44 additions and 51 deletions


@ -61,19 +61,16 @@ type Config struct {
// This setting allows you to override the default behavior of Dex and enforce the mappings defined in `claimMapping`. // This setting allows you to override the default behavior of Dex and enforce the mappings defined in `claimMapping`.
OverrideClaimMapping bool `json:"overrideClaimMapping"` // defaults to false OverrideClaimMapping bool `json:"overrideClaimMapping"` // defaults to false
ClaimMapping ClaimMapping `json:"claimMapping"` ClaimMapping struct {
} // Configurable key which contains the preferred username claims
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
type ClaimMapping struct { // Configurable key which contains the email claims
EmailKey string `json:"email"` // defaults to "email"
// Configurable key which contains the preferred username claims // Configurable key which contains the groups claims
PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username" GroupsKey string `json:"groups"` // defaults to "groups"
} `json:"claimMapping"`
// Configurable key which contains the email claims
EmailKey string `json:"email"` // defaults to "email"
// Configurable key which contains the groups claims
GroupsKey string `json:"groups"` // defaults to "groups"
} }
// Domains that don't support basic auth. golang.org/x/oauth2 has an internal // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
@ -162,7 +159,9 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
userIDKey: c.UserIDKey, userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey, userNameKey: c.UserNameKey,
overrideClaimMapping: c.OverrideClaimMapping, overrideClaimMapping: c.OverrideClaimMapping,
claimMapping: c.ClaimMapping, preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey,
emailKey: c.ClaimMapping.EmailKey,
groupsKey: c.ClaimMapping.GroupsKey,
}, nil }, nil
} }
@ -186,7 +185,9 @@ type oidcConnector struct {
userIDKey string userIDKey string
userNameKey string userNameKey string
overrideClaimMapping bool overrideClaimMapping bool
claimMapping ClaimMapping preferredUsernameKey string
emailKey string
groupsKey string
} }
func (c *oidcConnector) Close() error { func (c *oidcConnector) Close() error {
@ -296,8 +297,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
prefUsername := "preferred_username" prefUsername := "preferred_username"
preferredUsername, found := claims[prefUsername].(string) preferredUsername, found := claims[prefUsername].(string)
if (!found || c.overrideClaimMapping) && c.claimMapping.PreferredUsernameKey != "" { if (!found || c.overrideClaimMapping) && c.preferredUsernameKey != "" {
prefUsername = c.claimMapping.PreferredUsernameKey prefUsername = c.preferredUsernameKey
preferredUsername, found = claims[prefUsername].(string) preferredUsername, found = claims[prefUsername].(string)
if !found { if !found {
return identity, fmt.Errorf("missing \"%s\" claim", prefUsername) return identity, fmt.Errorf("missing \"%s\" claim", prefUsername)
@ -315,8 +316,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
var email string var email string
emailKey := "email" emailKey := "email"
email, found = claims[emailKey].(string) email, found = claims[emailKey].(string)
if (!found || c.overrideClaimMapping) && c.claimMapping.EmailKey != "" { if (!found || c.overrideClaimMapping) && c.emailKey != "" {
emailKey = c.claimMapping.EmailKey emailKey = c.emailKey
email, found = claims[emailKey].(string) email, found = claims[emailKey].(string)
if !found { if !found {
return identity, fmt.Errorf("missing \"%s\" claim", emailKey) return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
@ -340,8 +341,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
if c.insecureEnableGroups { if c.insecureEnableGroups {
groupsKey := "groups" groupsKey := "groups"
vs, found := claims[groupsKey].([]interface{}) vs, found := claims[groupsKey].([]interface{})
if (!found || c.overrideClaimMapping) && c.claimMapping.GroupsKey != "" { if (!found || c.overrideClaimMapping) && c.groupsKey != "" {
groupsKey = c.claimMapping.GroupsKey groupsKey = c.groupsKey
vs, found = claims[groupsKey].([]interface{}) vs, found = claims[groupsKey].([]interface{})
} }
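Review bot: The inlined `ClaimMapping struct {` in the Config hunk has no doc comment of its own — the comment above it describes `OverrideClaimMapping`, so a reader of the config cannot tell from the field whether these keys replace or merely supplement the standard claims. Going by the createIdentity hunks below, where each custom key is consulted only when the standard claim is absent or `overrideClaimMapping` is set, I would add `// ClaimMapping renames the claims Dex reads for preferred_username, email and groups; a key is consulted only when the standard claim is missing, or always when OverrideClaimMapping is true.` directly above the `ClaimMapping struct {` line. The same one-line summary belongs on the three unexported `preferredUsernameKey`/`emailKey`/`groupsKey` fields of `oidcConnector`, which are likewise undocumented. It is also worth stating in that comment that the inner keys are snake_case (`preferred_username`, `email`, `groups`) while the surrounding config keys are camelCase, since that is the shape operators have to write in the config file; this predates the commit but the comment is the natural place to make it explicit.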


@ -50,7 +50,9 @@ func TestHandleCallback(t *testing.T) {
userIDKey string userIDKey string
userNameKey string userNameKey string
overrideClaimMapping bool overrideClaimMapping bool
claimMapping ClaimMapping preferredUsernameKey string
emailKey string
groupsKey string
insecureSkipEmailVerified bool insecureSkipEmailVerified bool
scopes []string scopes []string
expectUserID string expectUserID string
@ -77,12 +79,10 @@ func TestHandleCallback(t *testing.T) {
}, },
}, },
{ {
name: "customEmailClaim", name: "customEmailClaim",
userIDKey: "", // not configured userIDKey: "", // not configured
userNameKey: "", // not configured userNameKey: "", // not configured
claimMapping: ClaimMapping{ emailKey: "mail",
EmailKey: "mail",
},
expectUserID: "subvalue", expectUserID: "subvalue",
expectUserName: "namevalue", expectUserName: "namevalue",
expectedEmailField: "emailvalue", expectedEmailField: "emailvalue",
@ -98,16 +98,14 @@ func TestHandleCallback(t *testing.T) {
userIDKey: "", // not configured userIDKey: "", // not configured
userNameKey: "", // not configured userNameKey: "", // not configured
overrideClaimMapping: true, overrideClaimMapping: true,
claimMapping: ClaimMapping{ emailKey: "custommail",
EmailKey: "custommail", expectUserID: "subvalue",
}, expectUserName: "namevalue",
expectUserID: "subvalue", expectedEmailField: "customemailvalue",
expectUserName: "namevalue",
expectedEmailField: "customemailvalue",
token: map[string]interface{}{ token: map[string]interface{}{
"sub": "subvalue", "sub": "subvalue",
"name": "namevalue", "name": "namevalue",
"mail": "emailvalue", "email": "emailvalue",
"custommail": "customemailvalue", "custommail": "customemailvalue",
"email_verified": true, "email_verified": true,
}, },
@ -151,10 +149,8 @@ func TestHandleCallback(t *testing.T) {
}, },
}, },
{ {
name: "withPreferredUsernameKey", name: "withPreferredUsernameKey",
claimMapping: ClaimMapping{ preferredUsernameKey: "username_key",
PreferredUsernameKey: "username_key",
},
expectUserID: "subvalue", expectUserID: "subvalue",
expectUserName: "namevalue", expectUserName: "namevalue",
expectPreferredUsername: "username_value", expectPreferredUsername: "username_value",
@ -222,10 +218,8 @@ func TestHandleCallback(t *testing.T) {
}, },
}, },
{ {
name: "customGroupsKey", name: "customGroupsKey",
claimMapping: ClaimMapping{ groupsKey: "cognito:groups",
GroupsKey: "cognito:groups",
},
expectUserID: "subvalue", expectUserID: "subvalue",
expectUserName: "namevalue", expectUserName: "namevalue",
expectedEmailField: "emailvalue", expectedEmailField: "emailvalue",
@ -241,10 +235,8 @@ func TestHandleCallback(t *testing.T) {
}, },
}, },
{ {
name: "customGroupsKeyButGroupsProvided", name: "customGroupsKeyButGroupsProvided",
claimMapping: ClaimMapping{ groupsKey: "cognito:groups",
GroupsKey: "cognito:groups",
},
expectUserID: "subvalue", expectUserID: "subvalue",
expectUserName: "namevalue", expectUserName: "namevalue",
expectedEmailField: "emailvalue", expectedEmailField: "emailvalue",
@ -261,11 +253,9 @@ func TestHandleCallback(t *testing.T) {
}, },
}, },
{ {
name: "customGroupsKeyButGroupsProvidedButOverride", name: "customGroupsKeyButGroupsProvidedButOverride",
overrideClaimMapping: true, overrideClaimMapping: true,
claimMapping: ClaimMapping{ groupsKey: "cognito:groups",
GroupsKey: "cognito:groups",
},
expectUserID: "subvalue", expectUserID: "subvalue",
expectUserName: "namevalue", expectUserName: "namevalue",
expectedEmailField: "emailvalue", expectedEmailField: "emailvalue",
@ -312,7 +302,9 @@ func TestHandleCallback(t *testing.T) {
BasicAuthUnsupported: &basicAuth, BasicAuthUnsupported: &basicAuth,
OverrideClaimMapping: tc.overrideClaimMapping, OverrideClaimMapping: tc.overrideClaimMapping,
} }
config.ClaimMapping = tc.claimMapping config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
config.ClaimMapping.EmailKey = tc.emailKey
config.ClaimMapping.GroupsKey = tc.groupsKey
conn, err := newConnector(config) conn, err := newConnector(config)
if err != nil { if err != nil {