public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fix: unable to use hyphen in JSON path for oidc-groups-claim option (#2619)

This commit is contained in:
rd-danny-fleer 2024-10-07 20:08:44 +02:00 committed by GitHub
parent d68336dcf4
commit 642ba174d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 22 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -9,6 +9,7 @@
## Changes since v7.7.0 ## Changes since v7.7.0
- [#2803](https://github.com/oauth2-proxy/oauth2-proxy/pull/2803) fix: self signed certificate handling in v7.7.0 (@tuunit) - [#2803](https://github.com/oauth2-proxy/oauth2-proxy/pull/2803) fix: self signed certificate handling in v7.7.0 (@tuunit)
- [#2619](https://github.com/oauth2-proxy/oauth2-proxy/pull/2619) fix: unable to use hyphen in JSON path for oidc-groups-claim option (@rd-danny-fleer)
# V7.7.0 # V7.7.0

8
pkg/providers/util/claim_extractor.go
View File

@ -11,7 +11,6 @@ import (
"github.com/bitly/go-simplejson" "github.com/bitly/go-simplejson"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
"github.com/ohler55/ojg/jp"
"github.com/spf13/cast" "github.com/spf13/cast"
) )
@ -140,12 +139,11 @@ func parseJWT(p string) ([]byte, error) {
} }
// getClaimFrom gets a claim from a Json object. // getClaimFrom gets a claim from a Json object.
// It can accept either a single claim name or a json path if the path is a valid json path. // It can accept either a single claim name or a json path. The claim is always evaluated first as a single claim name.
// Paths with indexes are not supported. // Paths with indexes are not supported.
func getClaimFrom(claim string, src *simplejson.Json) interface{} { func getClaimFrom(claim string, src *simplejson.Json) interface{} {
_, err := jp.ParseString(claim) if value, ok := src.CheckGet(claim); ok {
if err != nil { return value.Interface()
return src.Get(claim).Interface()
} }
claimParts := strings.Split(claim, ".") claimParts := strings.Split(claim, ".")
return src.GetPath(claimParts...).Interface() return src.GetPath(claimParts...).Interface()

18
pkg/providers/util/claim_extractor_test.go
View File

@ -25,6 +25,12 @@ const (
"idTokenGroup1", "idTokenGroup1",
"idTokenGroup2" "idTokenGroup2"
], ],
"nested-groups-claim-containing-hyphen": {
"groups": [
"nestedClaimContainingHypenGroup1",
"nestedClaimContainingHypenGroup2"
]
},
"https://groups.test": [ "https://groups.test": [
"fqdnGroup1", "fqdnGroup1",
"fqdnGroup2" "fqdnGroup2"
@ -239,6 +245,18 @@ var _ = Describe("Claim Extractor Suite", func() {
expectedValue: []interface{}{"fqdnGroup1", "fqdnGroup2"}, expectedValue: []interface{}{"fqdnGroup1", "fqdnGroup2"},
expectedError: nil, expectedError: nil,
}), }),
Entry("retrieves claim with nested groups claim containing hyphen", getClaimTableInput{
testClaimExtractorOpts: testClaimExtractorOpts{
idTokenPayload: basicIDTokenPayload,
setProfileURL: true,
profileRequestHeaders: newAuthorizedHeader(),
profileRequestHandler: shouldNotBeRequestedProfileHandler,
},
claim: "nested-groups-claim-containing-hyphen.groups",
expectExists: true,
expectedValue: []interface{}{"nestedClaimContainingHypenGroup1", "nestedClaimContainingHypenGroup2"},
expectedError: nil,
}),
) )
}) })