UniqueSoft/wg-portal
2
0
Fork 0
mirror of https://github.com/h44z/wg-portal synced 2025-02-26 05:49:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix user group parsing for OAuth login (#317)

Browse Source
This commit is contained in:
Christoph Haas 2025-01-21 17:33:01 +01:00
parent 7a0a2117f5
commit a04eaa4bfb
3 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
internal/app/auth/oauth_common.go
View File

@ -60,7 +60,8 @@ func getOauthFieldMapping(f config.OauthFields) config.OauthFields {
Phone: "phone", Phone: "phone",
Department: "department", Department: "department",
}, },
IsAdmin: "admin_flag", IsAdmin: "admin_flag",
UserGroups: "", // by default, do not use user groups
} }
if f.UserIdentifier != "" { if f.UserIdentifier != "" {
defaultMap.UserIdentifier = f.UserIdentifier defaultMap.UserIdentifier = f.UserIdentifier
@ -83,6 +84,9 @@ func getOauthFieldMapping(f config.OauthFields) config.OauthFields {
if f.IsAdmin != "" { if f.IsAdmin != "" {
defaultMap.IsAdmin = f.IsAdmin defaultMap.IsAdmin = f.IsAdmin
} }
if f.UserGroups != "" {
defaultMap.UserGroups = f.UserGroups
}
return defaultMap return defaultMap
} }

57
internal/app/auth/oauth_common_test.go Normal file
View File

@ -0,0 +1,57 @@
package auth
import (
"encoding/json"
"testing"
"github.com/h44z/wg-portal/internal/config"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func Test_parseOauthUserInfo(t *testing.T) {
userInfoStr := `
{
"at_hash": "REDACTED",
"aud": "REDACTED",
"c_hash": "REDACTED",
"email": "test@mydomain.net",
"email_verified": true,
"exp": 1737404259,
"groups": [
"abuse@mydomain.net",
"postmaster@mydomain.net",
"wgportal-admins@mydomain.net"
],
"iat": 1737317859,
"iss": "https://dex.mydomain.net",
"name": "Test User",
"nonce": "REDACTED",
"sub": "REDACTED"
}
`
userInfo := map[string]interface{}{}
err := json.Unmarshal([]byte(userInfoStr), &userInfo)
require.NoError(t, err)
fieldMapping := getOauthFieldMapping(config.OauthFields{
BaseFields: config.BaseFields{
UserIdentifier: "email",
Email: "email",
Firstname: "name",
Lastname: "family_name",
},
UserGroups: "groups",
})
adminMapping := &config.OauthAdminMapping{
AdminGroupRegex: "^wgportal-admins@mydomain.net$",
}
info, err := parseOauthUserInfo(fieldMapping, adminMapping, userInfo)
assert.NoError(t, err)
assert.True(t, info.IsAdmin)
assert.Equal(t, info.Firstname, "Test User")
assert.Equal(t, info.Lastname, "")
assert.Equal(t, info.Email, "test@mydomain.net")
}

11
internal/util.go
View File

@ -88,6 +88,17 @@ func MapDefaultStringSlice(m map[string]interface{}, key string, dflt []string)
return dflt return dflt
} else { } else {
switch v := tmp.(type) { switch v := tmp.(type) {
case []any:
result := make([]string, 0, len(v))
for _, elem := range v {
switch vElem := elem.(type) {
case string:
result = append(result, vElem)
default:
result = append(result, fmt.Sprintf("%v", vElem))
}
}
return result
case []string: case []string:
return v return v
case string: case string: