feat: oauth2 add groups mapping (#6053)

Co-authored-by: Nicolas Giard <github@ngpixel.com>
This commit is contained in:
Aurélien Lajoie 2023-01-30 00:08:13 +01:00 committed by GitHub
parent 43a797d322
commit 1da80eaab8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 4 deletions

View File

@ -31,6 +31,19 @@ module.exports = {
email: _.get(profile, conf.emailClaim)
}
})
if (conf.mapGroups) {
const groups = _.get(profile, conf.groupsClaim)
if (groups && _.isArray(groups)) {
const currentGroups = (await user.$relatedQuery('groups').select('groups.id')).map(g => g.id)
const expectedGroups = Object.values(WIKI.auth.groups).filter(g => groups.includes(g.name)).map(g => g.id)
for (const groupId of _.difference(expectedGroups, currentGroups)) {
await user.$relatedQuery('groups').relate(groupId)
}
for (const groupId of _.difference(currentGroups, expectedGroups)) {
await user.$relatedQuery('groups').unrelate().where('groupId', groupId)
}
}
}
cb(null, user)
} catch (err) {
cb(err, null)

View File

@ -54,25 +54,38 @@ props:
default: email
maxWidth: 500
order: 8
mapGroups:
type: Boolean
title: Map Groups
hint: Map groups matching names from the groups claim value
default: false
order: 9
groupsClaim:
type: String
title: Groups Claim
hint: Field containing the group names
default: groups
maxWidth: 500
order: 10
logoutURL:
type: String
title: Logout URL
hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
order: 9
order: 11
scope:
type: String
title: Scope
hint: (optional) Application Client permission scopes.
order: 10
order: 12
useQueryStringForAccessToken:
type: Boolean
default: false
title: Pass access token via GET query string to User Info Endpoint
hint: (optional) Pass the access token in an `access_token` parameter attached to the GET query string of the User Info Endpoint URL. Otherwise the access token will be passed in the Authorization header.
order: 11
order: 13
enableCSRFProtection:
type: Boolean
default: true
title: Enable CSRF protection
hint: Pass a nonce state parameter during authentication to protect against CSRF attacks.
order: 12
order: 14