fix: unable to use hyphen in JSON path for oidc-groups-claim option (#2619)

2024-10-07 20:08:44 +02:00 · 2024-10-07 20:08:44 +02:00 · 642ba174d4
parent d68336dcf4
commit 642ba174d4
3 changed files with 22 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -9,6 +9,7 @@
 ## Changes since v7.7.0

 - [#2803](https://github.com/oauth2-proxy/oauth2-proxy/pull/2803) fix: self signed certificate handling in v7.7.0 (@tuunit)
+- [#2619](https://github.com/oauth2-proxy/oauth2-proxy/pull/2619) fix: unable to use hyphen in JSON path for oidc-groups-claim option (@rd-danny-fleer)

 # V7.7.0

--- a/pkg/providers/util/claim_extractor.go
+++ b/pkg/providers/util/claim_extractor.go
@ -11,7 +11,6 @@ import (

 	"github.com/bitly/go-simplejson"
 	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
-	"github.com/ohler55/ojg/jp"
 	"github.com/spf13/cast"
 )

@ -140,12 +139,11 @@ func parseJWT(p string) ([]byte, error) {
 }

 // getClaimFrom gets a claim from a Json object.
-// It can accept either a single claim name or a json path if the path is a valid json path.
+// It can accept either a single claim name or a json path. The claim is always evaluated first as a single claim name.
 // Paths with indexes are not supported.
 func getClaimFrom(claim string, src *simplejson.Json) interface{} {
-	_, err := jp.ParseString(claim)
-	if err != nil {
-		return src.Get(claim).Interface()
+	if value, ok := src.CheckGet(claim); ok {
+		return value.Interface()
 	}
 	claimParts := strings.Split(claim, ".")
 	return src.GetPath(claimParts...).Interface()
--- a/pkg/providers/util/claim_extractor_test.go
+++ b/pkg/providers/util/claim_extractor_test.go
@ -25,6 +25,12 @@ const (
        "idTokenGroup1",
        "idTokenGroup2"
      ],
+	  "nested-groups-claim-containing-hyphen": {
+			"groups": [
+				"nestedClaimContainingHypenGroup1",
+				"nestedClaimContainingHypenGroup2"
+			]
+	  },
      "https://groups.test": [
        "fqdnGroup1",
        "fqdnGroup2"
@ -239,6 +245,18 @@ var _ = Describe("Claim Extractor Suite", func() {
 				expectedValue: []interface{}{"fqdnGroup1", "fqdnGroup2"},
 				expectedError: nil,
 			}),
+			Entry("retrieves claim with nested groups claim containing hyphen", getClaimTableInput{
+				testClaimExtractorOpts: testClaimExtractorOpts{
+					idTokenPayload:        basicIDTokenPayload,
+					setProfileURL:         true,
+					profileRequestHeaders: newAuthorizedHeader(),
+					profileRequestHandler: shouldNotBeRequestedProfileHandler,
+				},
+				claim:         "nested-groups-claim-containing-hyphen.groups",
+				expectExists:  true,
+				expectedValue: []interface{}{"nestedClaimContainingHypenGroup1", "nestedClaimContainingHypenGroup2"},
+				expectedError: nil,
+			}),
 		)
 	})