fix: get groups claim from idtokenclaims (#3101)

* fix: get groups claim from idtokenclaims

Signed-off-by: Philipp Lange <ph.lange@pm.me>

* fix: lint

Signed-off-by: Philipp Lange <ph.lange@pm.me>

---------

Signed-off-by: Philipp Lange <ph.lange@pm.me>
Philipp
2025-04-17 11:02:36 +02:00
committed by GitHub
parent 0e2aa81439
commit 8f3533ac12
2 changed files with 48 additions and 1 deletions
+14 -1
@@ -17,6 +17,7 @@ import (
"net/url"
"path"
"regexp"
"slices"
"sort"
"strconv"
"strings"
@@ -1992,13 +1993,25 @@ func (rh *RouteHandler) OpenIDCodeExchangeCallback() rp.CodeExchangeUserinfoCall
val, ok := info.Claims["groups"].([]interface{})
if !ok {
rh.c.Log.Info().Msgf("failed to find any 'groups' claim for user %s", email)
rh.c.Log.Info().Msgf("failed to find any 'groups' claim for user %s in UserInfo", email)
}
for _, group := range val {
groups = append(groups, fmt.Sprint(group))
}
val, ok = tokens.IDTokenClaims.Claims["groups"].([]interface{})
if !ok {
rh.c.Log.Info().Msgf("failed to find any 'groups' claim for user %s in IDTokenClaimsToken", email)
}
for _, group := range val {
groups = append(groups, fmt.Sprint(group))
}
slices.Sort(groups)
groups = slices.Compact(groups)
callbackUI, err := OAuth2Callback(rh.c, w, r, state, email, groups)
if err != nil {
if errors.Is(err, zerr.ErrInvalidStateCookie) {
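Review bot: The new lookup `tokens.IDTokenClaims.Claims["groups"]` dereferences `IDTokenClaims` without a nil check, so a token response that carries no ID token would panic inside the callback instead of falling back to the UserInfo groups; the test file constructs the relying party with `rp.NewRelyingPartyOAuth`, an OAuth2-only setup where the library does not appear to populate `IDTokenClaims`, and the page does not show anything that guarantees the pointer is set. Guarding the pointer and resetting `val, ok` on the miss also keeps the second loop from re-walking the UserInfo slice it already consumed. The log text `in IDTokenClaimsToken` reads as a typo for `in IDTokenClaims`. OpenIDCodeExchangeCallback starts and ends outside the hunk.
```go
	// … unchanged: UserInfo "groups" claim handling …
	val, ok = nil, false
	if tokens.IDTokenClaims != nil {
		val, ok = tokens.IDTokenClaims.Claims["groups"].([]interface{})
	}
	if !ok {
		rh.c.Log.Info().Msgf("failed to find any 'groups' claim for user %s in IDTokenClaims", email)
	}
	// … unchanged: append loop, slices.Sort and slices.Compact …
```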
+34
@@ -117,6 +117,40 @@ func TestRoutes(t *testing.T) {
So(resp.StatusCode, ShouldEqual, http.StatusUnauthorized)
})
Convey("Test OpenIDCodeExchangeCallback", func() {
callback := rthdlr.OpenIDCodeExchangeCallback()
ctx := context.TODO()
request, _ := http.NewRequestWithContext(ctx, http.MethodGet, baseURL, nil)
response := httptest.NewRecorder()
tokens := &oidc.Tokens[*oidc.IDTokenClaims]{
IDTokenClaims: &oidc.IDTokenClaims{
Claims: map[string]any{
"groups": []interface{}{"group1", "group3"},
},
},
}
relyingParty, err := rp.NewRelyingPartyOAuth(&oauth2.Config{})
So(err, ShouldBeNil)
userinfo := &oidc.UserInfo{
Subject: "sub",
Claims: map[string]any{
"email": "test@test.com",
"groups": []interface{}{"group1", "group2"},
},
UserInfoEmail: oidc.UserInfoEmail{Email: "test@test.com"},
}
callback(response, request, tokens, "state", relyingParty, userinfo)
resp := response.Result()
defer resp.Body.Close()
So(resp, ShouldNotBeNil)
So(resp.StatusCode, ShouldEqual, http.StatusUnauthorized)
})
Convey("Test OAuth2Callback errors", func() {
ctx := context.TODO()