public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Remove if block with protected resource

This commit is contained in:
Kevin Kreitner 2023-10-18 10:52:38 +02:00 committed by Jan Larwig
parent 7bbe01fe97
commit 15b23228e1
No known key found for this signature in database
GPG Key ID: C2172BFA220A037A
1 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
providers/cidaas.go
View File

@ -5,8 +5,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"strings" "github.com/bitly/go-simplejson"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
@ -39,17 +38,6 @@ func NewCIDAASProvider(p *ProviderData) *CIDAASProvider {
scope: CidaasDefaultScope, scope: CidaasDefaultScope,
}) })
if p.ProtectedResource != nil && p.ProtectedResource.String() != "" {
resource := p.ProtectedResource.String()
if !strings.HasSuffix(resource, "/") {
resource += "/"
}
if p.Scope != "" && !strings.HasPrefix(p.Scope, resource) {
p.Scope = resource + p.Scope
}
}
return &CIDAASProvider{ return &CIDAASProvider{
OIDCProvider: &OIDCProvider{ OIDCProvider: &OIDCProvider{
ProviderData: p, ProviderData: p,
@ -116,14 +104,24 @@ func (p *CIDAASProvider) enrichFromUserinfoEndpoint(ctx context.Context, s *sess
s.Email = email s.Email = email
} }
rawGroupClaim, err := respJSON.Get(p.GroupsClaim).MarshalJSON() groups, err := p.extractGroups(respJSON)
if err != nil { if err != nil {
return err return fmt.Errorf("extracting groups failed: %w", err)
}
s.Groups = groups
return nil
}
func (p *CIDAASProvider) extractGroups(respJSON *simplejson.Json) ([]string, error) {
rawGroupsClaim, err := respJSON.Get(p.GroupsClaim).MarshalJSON()
if err != nil {
return nil, err
} }
var groupsClaimList GroupsClaimList var groupsClaimList GroupsClaimList
err = json.Unmarshal(rawGroupClaim, &groupsClaimList) err = json.Unmarshal(rawGroupsClaim, &groupsClaimList)
if err != nil { if err != nil {
return err return nil, err
} }
var groups []string var groups []string
@ -137,7 +135,7 @@ func (p *CIDAASProvider) enrichFromUserinfoEndpoint(ctx context.Context, s *sess
if rolesVal, rolesClaimExists := respJSON.CheckGet("roles"); rolesClaimExists { if rolesVal, rolesClaimExists := respJSON.CheckGet("roles"); rolesClaimExists {
cidaasRoles, err := rolesVal.StringArray() cidaasRoles, err := rolesVal.StringArray()
if err != nil { if err != nil {
return fmt.Errorf("unmarshal roles failed: %w", err) return nil, fmt.Errorf("unmarshal roles failed: %w", err)
} }
for _, role := range cidaasRoles { for _, role := range cidaasRoles {
@ -145,6 +143,5 @@ func (p *CIDAASProvider) enrichFromUserinfoEndpoint(ctx context.Context, s *sess
} }
} }
s.Groups = groups return groups, nil
return nil
} }