From 2b6bb1997c44aa881fd341860e308d65e53d116e Mon Sep 17 00:00:00 2001
From: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
Date: Thu, 19 Aug 2021 10:02:55 +0200
Subject: [PATCH] Revert ClaimMapping struct
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
---
connector/oidc/oidc.go | 39 +++++++++++++-------------
connector/oidc/oidc_test.go | 56 ++++++++++++++++---------------------
2 files changed, 44 insertions(+), 51 deletions(-)
diff --git a/connector/oidc/oidc.go b/connector/oidc/oidc.go
index 04df3715..29241dc6 100644
--- a/connector/oidc/oidc.go
+++ b/connector/oidc/oidc.go
@@ -61,19 +61,16 @@ type Config struct {
 // This setting allows you to override the default behavior of Dex and enforce the mappings defined in `claimMapping`.
 OverrideClaimMapping bool `json:"overrideClaimMapping"` // defaults to false
 
- ClaimMapping ClaimMapping `json:"claimMapping"`
-}
+ ClaimMapping struct {
+ // Configurable key which contains the preferred username claims
+ PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
 
-type ClaimMapping struct {
+ // Configurable key which contains the email claims
+ EmailKey string `json:"email"` // defaults to "email"
 
- // Configurable key which contains the preferred username claims
- PreferredUsernameKey string `json:"preferred_username"` // defaults to "preferred_username"
-
- // Configurable key which contains the email claims
- EmailKey string `json:"email"` // defaults to "email"
-
- // Configurable key which contains the groups claims
- GroupsKey string `json:"groups"` // defaults to "groups"
+ // Configurable key which contains the groups claims
+ GroupsKey string `json:"groups"` // defaults to "groups"
+ } `json:"claimMapping"`
 }
 
 // Domains that don't support basic auth. golang.org/x/oauth2 has an internal
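Review bot: The new anonymous `ClaimMapping` field has no doc comment, so the only hint at how the config block is written is the JSON tags on its members (`preferred_username`, `email`, `groups`); a short comment above `ClaimMapping struct {` would spare operators a trip into createIdentity, e.g. `// ClaimMapping renames the claims Dex reads for preferred_username, email and groups. A configured key is consulted only when the default claim is absent, unless overrideClaimMapping is set.` Because the field is now an anonymous struct it can no longer be named from outside the package; that appears to be the point of the revert, but it is why the test table below has to mirror the three keys as separate fields. The enclosing `Config` struct starts outside the hunk.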
@@ -162,7 +159,9 @@ func (c *Config) Open(id string, logger log.Logger) (conn connector.Connector, e
 userIDKey: c.UserIDKey,
 userNameKey: c.UserNameKey,
 overrideClaimMapping: c.OverrideClaimMapping,
- claimMapping: c.ClaimMapping,
+ preferredUsernameKey: c.ClaimMapping.PreferredUsernameKey,
+ emailKey: c.ClaimMapping.EmailKey,
+ groupsKey: c.ClaimMapping.GroupsKey,
 }, nil
 }
 
@@ -186,7 +185,9 @@ type oidcConnector struct {
 userIDKey string
 userNameKey string
 overrideClaimMapping bool
- claimMapping ClaimMapping
+ preferredUsernameKey string
+ emailKey string
+ groupsKey string
 }
 
 func (c *oidcConnector) Close() error {
@@ -296,8 +297,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 
 prefUsername := "preferred_username"
 preferredUsername, found := claims[prefUsername].(string)
- if (!found || c.overrideClaimMapping) && c.claimMapping.PreferredUsernameKey != "" {
- prefUsername = c.claimMapping.PreferredUsernameKey
+ if (!found || c.overrideClaimMapping) && c.preferredUsernameKey != "" {
+ prefUsername = c.preferredUsernameKey
 preferredUsername, found = claims[prefUsername].(string)
 if !found {
 return identity, fmt.Errorf("missing \"%s\" claim", prefUsername)
@@ -315,8 +316,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 var email string
 emailKey := "email"
 email, found = claims[emailKey].(string)
- if (!found || c.overrideClaimMapping) && c.claimMapping.EmailKey != "" {
- emailKey = c.claimMapping.EmailKey
+ if (!found || c.overrideClaimMapping) && c.emailKey != "" {
+ emailKey = c.emailKey
 email, found = claims[emailKey].(string)
 if !found {
 return identity, fmt.Errorf("missing \"%s\" claim", emailKey)
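Review bot: With `overrideClaimMapping` set, the value read under `c.emailKey` replaces the standard `email` claim, but the `email_verified` claim only attests to the standard `email` value; if the code after this hunk still gates on `email_verified` for the remapped address (the test table's `insecureSkipEmailVerified` field and `"email_verified": true` tokens suggest it does), a verification flag is being applied to a claim the provider never vouched for. That deserves a comment on the new `if`, e.g. `// NOTE: email_verified refers to the standard "email" claim; a remapped key inherits that flag without the provider having vouched for it.`, and a decision on whether a remapped email should require `insecureSkipEmailVerified` to be set explicitly. The `createIdentity` body continues outside the hunk.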
@@ -340,8 +341,8 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
 if c.insecureEnableGroups {
 groupsKey := "groups"
 vs, found := claims[groupsKey].([]interface{})
- if (!found || c.overrideClaimMapping) && c.claimMapping.GroupsKey != "" {
- groupsKey = c.claimMapping.GroupsKey
+ if (!found || c.overrideClaimMapping) && c.groupsKey != "" {
+ groupsKey = c.groupsKey
 vs, found = claims[groupsKey].([]interface{})
 }
 
diff --git a/connector/oidc/oidc_test.go b/connector/oidc/oidc_test.go
index 267c0fcf..9040cf5c 100644
--- a/connector/oidc/oidc_test.go
+++ b/connector/oidc/oidc_test.go
@@ -50,7 +50,9 @@ func TestHandleCallback(t *testing.T) {
 userIDKey string
 userNameKey string
 overrideClaimMapping bool
- claimMapping ClaimMapping
+ preferredUsernameKey string
+ emailKey string
+ groupsKey string
 insecureSkipEmailVerified bool
 scopes []string
 expectUserID string
@@ -77,12 +79,10 @@ func TestHandleCallback(t *testing.T) {
 },
 },
 {
- name: "customEmailClaim",
- userIDKey: "", // not configured
- userNameKey: "", // not configured
- claimMapping: ClaimMapping{
- EmailKey: "mail",
- },
+ name: "customEmailClaim",
+ userIDKey: "", // not configured
+ userNameKey: "", // not configured
+ emailKey: "mail",
 expectUserID: "subvalue",
 expectUserName: "namevalue",
 expectedEmailField: "emailvalue",
@@ -98,16 +98,14 @@ func TestHandleCallback(t *testing.T) {
 userIDKey: "", // not configured
 userNameKey: "", // not configured
 overrideClaimMapping: true,
- claimMapping: ClaimMapping{
- EmailKey: "custommail",
- },
- expectUserID: "subvalue",
- expectUserName: "namevalue",
- expectedEmailField: "customemailvalue",
+ emailKey: "custommail",
+ expectUserID: "subvalue",
+ expectUserName: "namevalue",
+ expectedEmailField: "customemailvalue",
 token: map[string]interface{}{
 "sub": "subvalue",
 "name": "namevalue",
- "mail": "emailvalue",
+ "email": "emailvalue",
 "custommail": "customemailvalue",
 "email_verified": true,
 },
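Review bot: A configured `groupsKey` whose claim is absent, or present but not a JSON array, leaves `found` false after the second lookup and the user silently gets no groups, whereas the email and preferred_username paths return `missing "<key>" claim`; a misconfigured `claimMapping.groups` is therefore invisible until someone notices missing authorization. Failing closed is the right default for groups, but the mismatch warrants at least a log line inside the new `if` when the remapped lookup also misses, e.g. `if !found { c.logger.Warnf("configured groups claim %q missing or not an array", groupsKey) }` (assuming the connector keeps the logger `Open` receives; adjust to the actual field). The same line would surface providers that emit a single group as a bare string, which the `[]interface{}` assertion rejects. The enclosing `if c.insecureEnableGroups` block continues outside the hunk.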
@@ -151,10 +149,8 @@ func TestHandleCallback(t *testing.T) {
 },
 },
 {
- name: "withPreferredUsernameKey",
- claimMapping: ClaimMapping{
- PreferredUsernameKey: "username_key",
- },
+ name: "withPreferredUsernameKey",
+ preferredUsernameKey: "username_key",
 expectUserID: "subvalue",
 expectUserName: "namevalue",
 expectPreferredUsername: "username_value",
@@ -222,10 +218,8 @@ func TestHandleCallback(t *testing.T) {
 },
 },
 {
- name: "customGroupsKey",
- claimMapping: ClaimMapping{
- GroupsKey: "cognito:groups",
- },
+ name: "customGroupsKey",
+ groupsKey: "cognito:groups",
 expectUserID: "subvalue",
 expectUserName: "namevalue",
 expectedEmailField: "emailvalue",
@@ -241,10 +235,8 @@ func TestHandleCallback(t *testing.T) {
 },
 },
 {
- name: "customGroupsKeyButGroupsProvided",
- claimMapping: ClaimMapping{
- GroupsKey: "cognito:groups",
- },
+ name: "customGroupsKeyButGroupsProvided",
+ groupsKey: "cognito:groups",
 expectUserID: "subvalue",
 expectUserName: "namevalue",
 expectedEmailField: "emailvalue",
@@ -261,11 +253,9 @@ func TestHandleCallback(t *testing.T) {
 },
 },
 {
- name: "customGroupsKeyButGroupsProvidedButOverride",
- overrideClaimMapping: true,
- claimMapping: ClaimMapping{
- GroupsKey: "cognito:groups",
- },
+ name: "customGroupsKeyButGroupsProvidedButOverride",
+ overrideClaimMapping: true,
+ groupsKey: "cognito:groups",
 expectUserID: "subvalue",
 expectUserName: "namevalue",
 expectedEmailField: "emailvalue",
@@ -312,7 +302,9 @@ func TestHandleCallback(t *testing.T) {
 BasicAuthUnsupported: &basicAuth,
 OverrideClaimMapping: tc.overrideClaimMapping,
 }
- config.ClaimMapping = tc.claimMapping
+ config.ClaimMapping.PreferredUsernameKey = tc.preferredUsernameKey
+ config.ClaimMapping.EmailKey = tc.emailKey
+ config.ClaimMapping.GroupsKey = tc.groupsKey
 
 conn, err := newConnector(config)
 if err != nil {
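Review bot: None of the table cases exercises the failure path the connector has for mapped claims — `overrideClaimMapping: true` with an `emailKey` or `preferredUsernameKey` whose claim is missing from `token`, which must surface as the `missing "<key>" claim` error rather than an identity; the three assignments added after `config := Config{...}` make such a case cheap to add. If the table has no expected-error field, one would need to sit alongside `expectUserID` and be checked where the callback result is asserted, so that a future change cannot quietly turn that error into a silently empty field. The loop body and the rest of `TestHandleCallback` lie outside the hunk.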