public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fill empty UserIDClaim before assigning it to other values

This commit is contained in:
Marc Schiereck 2022-12-05 20:55:19 +01:00 committed by Marc Schiereck
parent 2d674959a2
commit 82bb08609f
2 changed files with 53 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
providers/providers.go
View File

@ -145,6 +145,10 @@ func newProviderDataFromConfig(providerConfig options.Provider) (*ProviderData,
logger.Printf("Warning: Your provider supports PKCE methods %+q, but you have not enabled one with --code-challenge-method", p.SupportedCodeChallengeMethods) logger.Printf("Warning: Your provider supports PKCE methods %+q, but you have not enabled one with --code-challenge-method", p.SupportedCodeChallengeMethods)
} }
if providerConfig.OIDCConfig.UserIDClaim == "" {
providerConfig.OIDCConfig.UserIDClaim = "email"
}
// TODO (@NickMeves) - Remove This // TODO (@NickMeves) - Remove This
// Backwards Compatibility for Deprecated UserIDClaim option // Backwards Compatibility for Deprecated UserIDClaim option
if providerConfig.OIDCConfig.EmailClaim == options.OIDCEmailClaim && if providerConfig.OIDCConfig.EmailClaim == options.OIDCEmailClaim &&
@ -159,9 +163,6 @@ func newProviderDataFromConfig(providerConfig options.Provider) (*ProviderData,
p.Scope += " groups" p.Scope += " groups"
} }
} }
if providerConfig.OIDCConfig.UserIDClaim == "" {
providerConfig.OIDCConfig.UserIDClaim = "email"
}
p.setAllowedGroups(providerConfig.AllowedGroups) p.setAllowedGroups(providerConfig.AllowedGroups)

49
providers/providers_test.go
View File

@ -221,3 +221,52 @@ func TestCanOverwriteS256(t *testing.T) {
g.Expect(method).To(Equal(CodeChallengeMethodPlain)) g.Expect(method).To(Equal(CodeChallengeMethodPlain))
} }
func TestEmailClaimCorrectlySet(t *testing.T) {
g := NewWithT(t)
testCases := []struct {
name string
userIDClaim string
emailClaim string
expectedEmailClaim string
}{
{
name: "do not override EmailClaim if UserIDClaim is empty",
userIDClaim: "",
emailClaim: "email",
expectedEmailClaim: "email",
},
{
name: "set EmailClaim to UserIDClaim",
userIDClaim: "user_id_claim",
emailClaim: "email",
expectedEmailClaim: "user_id_claim",
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
providerConfig := options.Provider{
ID: providerID,
Type: "oidc",
ClientID: clientID,
ClientSecretFile: clientSecret,
LoginURL: msAuthURL,
RedeemURL: msTokenURL,
OIDCConfig: options.OIDCOptions{
IssuerURL: msIssuerURL,
SkipDiscovery: true,
JwksURL: msKeysURL,
UserIDClaim: tc.userIDClaim,
EmailClaim: tc.emailClaim,
},
}
pd, err := newProviderDataFromConfig(providerConfig)
g.Expect(err).ToNot(HaveOccurred())
g.Expect(pd.EmailClaim).To(Equal(tc.expectedEmailClaim))
})
}
}