mirror of https://github.com/BookStackApp/BookStack.git synced 2025-04-18 10:28:43 +00:00

OIDC: Moved name claim option handling from config to service

Closes 
Dan Brown 2023-09-11 11:50:58 +01:00
parent 564dc70ac4
commit 05f2ec40cc
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
3 changed files with 22 additions and 4 deletions
app
Access/Oidc
Config
tests/Auth


@ -142,10 +142,11 @@ class OidcService
*/ */
protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string
{ {
$displayNameAttr = $this->config()['display_name_claims']; $displayNameAttrString = $this->config()['display_name_claims'] ?? '';
$displayNameAttrs = explode('|', $displayNameAttrString);
$displayName = []; $displayName = [];
foreach ($displayNameAttr as $dnAttr) { foreach ($displayNameAttrs as $dnAttr) {
$dnComponent = $token->getClaim($dnAttr) ?? ''; $dnComponent = $token->getClaim($dnAttr) ?? '';
if ($dnComponent !== '') { if ($dnComponent !== '') {
$displayName[] = $dnComponent; $displayName[] = $dnComponent;
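Review bot: The split in `$displayNameAttrs = explode('|', $displayNameAttrString);` keeps empty and whitespace-padded segments, so an empty `OIDC_DISPLAY_NAME_CLAIMS` yields `['']` and a value such as `first_name | last_name` looks up claim names with stray spaces. Normalising the list before the loop avoids passing those to `getClaim()`: `$displayNameAttrs = array_filter(array_map('trim', explode('|', $displayNameAttrString)), 'strlen');`. The `?? ''` guard only covers a missing key; if a previously cached configuration still holds the old array value, `explode()` would presumably receive an array and raise a TypeError, so an `is_array` check or an upgrade note may be worth adding. The body of getUserDisplayName continues outside the hunk.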


@ -9,7 +9,7 @@ return [
'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false), 'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false),
// Claim, within an OpenId token, to find the user's display name // Claim, within an OpenId token, to find the user's display name
'display_name_claims' => explode('|', env('OIDC_DISPLAY_NAME_CLAIMS', 'name')), 'display_name_claims' => env('OIDC_DISPLAY_NAME_CLAIMS', 'name'),
// Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user. // Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user.
'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'), 'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'),
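Review bot: The comment above `display_name_claims` still describes a single claim, and after this change nothing in the config file says that the value is a `|`-separated string which the service splits later. I would update it to something like `// Claim(s), within an OpenId token, to find the user's display name. Separate multiple claims with '|'.` so the expected format is documented where the value is set. The returned array continues outside the hunk.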


@ -30,7 +30,7 @@ class OidcTest extends TestCase
'auth.method' => 'oidc', 'auth.method' => 'oidc',
'auth.defaults.guard' => 'oidc', 'auth.defaults.guard' => 'oidc',
'oidc.name' => 'SingleSignOn-Testing', 'oidc.name' => 'SingleSignOn-Testing',
'oidc.display_name_claims' => ['name'], 'oidc.display_name_claims' => 'name',
'oidc.client_id' => OidcJwtHelper::defaultClientId(), 'oidc.client_id' => OidcJwtHelper::defaultClientId(),
'oidc.client_secret' => 'testpass', 'oidc.client_secret' => 'testpass',
'oidc.jwt_public_key' => $this->keyFilePath, 'oidc.jwt_public_key' => $this->keyFilePath,
@ -408,6 +408,23 @@ class OidcTest extends TestCase
$this->assertEquals('xXBennyTheGeezXx', $user->external_auth_id); $this->assertEquals('xXBennyTheGeezXx', $user->external_auth_id);
} }
public function test_auth_uses_mulitple_display_name_claims_if_configured()
{
config()->set(['oidc.display_name_claims' => 'first_name|last_name']);
$this->runLogin([
'email' => 'benny@example.com',
'sub' => 'benny1010101',
'first_name' => 'Benny',
'last_name' => 'Jenkins'
]);
$this->assertDatabaseHas('users', [
'name' => 'Benny Jenkins',
'email' => 'benny@example.com',
]);
}
public function test_login_group_sync() public function test_login_group_sync()
{ {
config()->set([ config()->set([
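Review bot: The new test name `test_auth_uses_mulitple_display_name_claims_if_configured` misspells "multiple"; renaming it to `test_auth_uses_multiple_display_name_claims_if_configured` keeps it findable by search. The test covers only the two-claim happy path. Since the option is now a raw string parsed at login time, a case with an empty value, and one where a listed claim is absent from the token, would pin how the name is built in those situations. I am inferring a default-name fallback from the `$defaultValue` parameter in the service, whose use is not visible on this page.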