Make oauth user name and user id configurable

Signed-off-by: Josh Winters <jwinters@pivotal.io>
Co-authored-by: Mark Huang <mhuang@pivotal.io>
This commit is contained in:
Josh Winters 2019-02-27 14:59:44 -05:00 committed by Rui Yang
parent 9284ffb8c0
commit a087c05ebf
2 changed files with 28 additions and 10 deletions

View file

@ -28,6 +28,8 @@ type oauthConnector struct {
userInfoURL string
scopes []string
groupsKey string
userIDKey string
userNameKey string
httpClient *http.Client
logger log.Logger
}
@ -45,6 +47,8 @@ type Config struct {
UserInfoURL string `json:"userInfoURL"`
Scopes []string `json:"scopes"`
GroupsKey string `json:"groupsKey"`
UserIDKey string `json:"userIDKey"`
UserNameKey string `json:"userNameKey"`
RootCAs []string `json:"rootCAs"`
InsecureSkipVerify bool `json:"insecureSkipVerify"`
}
@ -60,6 +64,8 @@ func (c *Config) Open(id string, logger log.Logger) (connector.Connector, error)
userInfoURL: c.UserInfoURL,
scopes: c.Scopes,
groupsKey: c.GroupsKey,
userIDKey: c.UserIDKey,
userNameKey: c.UserNameKey,
redirectURI: c.RedirectURI,
logger: logger,
}
@ -165,17 +171,25 @@ func (c *oauthConnector) HandleCallback(s connector.Scopes, r *http.Request) (id
return identity, fmt.Errorf("OAuth Connector: failed to parse userinfo: %v", err)
}
identity.UserID, _ = userInfoResult["user_id"].(string)
identity.Name, _ = userInfoResult["name"].(string)
identity.Username, _ = userInfoResult["user_name"].(string)
identity.Email, _ = userInfoResult["email"].(string)
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
if c.userIDKey == "" {
c.userIDKey = "user_id"
}
if c.userNameKey == "" {
c.userNameKey = "user_name"
}
if s.Groups {
if c.groupsKey == "" {
c.groupsKey = "groups"
}
identity.UserID, _ = userInfoResult[c.userIDKey].(string)
identity.Username, _ = userInfoResult[c.userNameKey].(string)
identity.Name, _ = userInfoResult["name"].(string)
identity.Email, _ = userInfoResult["email"].(string)
identity.EmailVerified, _ = userInfoResult["email_verified"].(bool)
if s.Groups {
groups := map[string]bool{}
c.addGroupsFromMap(groups, userInfoResult)

View file

@ -72,8 +72,8 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
userInfoClaims := map[string]interface{}{
"name": "test-name",
"user_name": "test-username",
"user_id": "test-user-id",
"user_id_key": "test-user-id",
"user_name_key": "test-username",
"email": "test-email",
"email_verified": true,
"groups_key": []string{"admin-group", "user-group"},
@ -93,6 +93,7 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
expectEqual(t, identity.Groups[0], "admin-group")
expectEqual(t, identity.Groups[1], "user-group")
expectEqual(t, identity.Name, "test-name")
expectEqual(t, identity.UserID, "test-user-id")
expectEqual(t, identity.Username, "test-username")
expectEqual(t, identity.Email, "test-email")
expectEqual(t, identity.EmailVerified, true)
@ -106,8 +107,8 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
userInfoClaims := map[string]interface{}{
"name": "test-name",
"user_name": "test-username",
"user_id": "test-user-id",
"user_id_key": "test-user-id",
"user_name_key": "test-username",
"email": "test-email",
"email_verified": true,
}
@ -124,6 +125,7 @@ func TestHandleCallBackForGroupsInToken(t *testing.T) {
expectEqual(t, len(identity.Groups), 1)
expectEqual(t, identity.Groups[0], "test-group")
expectEqual(t, identity.Name, "test-name")
expectEqual(t, identity.UserID, "test-user-id")
expectEqual(t, identity.Username, "test-username")
expectEqual(t, identity.Email, "test-email")
expectEqual(t, identity.EmailVerified, true)
@ -197,6 +199,8 @@ func newConnector(t *testing.T, serverURL string) *oauthConnector {
UserInfoURL: serverURL + "/userinfo",
Scopes: []string{"openid", "groups"},
GroupsKey: "groups_key",
UserIDKey: "user_id_key",
UserNameKey: "user_name_key",
}
log := logrus.New()