Removed the variadic username
Could be useful later on, but for the current PR changes should be minimized
This commit is contained in:
parent
9e00b82bdf
commit
1d2445e1d8
4 changed files with 6 additions and 7 deletions
|
@ -47,7 +47,7 @@ func WithDatabase(db db.AuthDB) Option {
|
||||||
|
|
||||||
// WithGetIdentityFunc sets a custom function to retrieve the identity from
|
// WithGetIdentityFunc sets a custom function to retrieve the identity from
|
||||||
// an external resource.
|
// an external resource.
|
||||||
func WithGetIdentityFunc(fn func(ctx context.Context, p provisioner.Interface, email string, usernames ...string) (*provisioner.Identity, error)) Option {
|
func WithGetIdentityFunc(fn func(ctx context.Context, p provisioner.Interface, email string) (*provisioner.Identity, error)) Option {
|
||||||
return func(a *Authority) error {
|
return func(a *Authority) error {
|
||||||
a.getIdentityFunc = fn
|
a.getIdentityFunc = fn
|
||||||
return nil
|
return nil
|
||||||
|
|
|
@ -44,7 +44,6 @@ type openIDPayload struct {
|
||||||
AuthorizedParty string `json:"azp"`
|
AuthorizedParty string `json:"azp"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
EmailVerified bool `json:"email_verified"`
|
EmailVerified bool `json:"email_verified"`
|
||||||
PreferredUsername string `json:"preferred_username"`
|
|
||||||
Hd string `json:"hd"`
|
Hd string `json:"hd"`
|
||||||
Nonce string `json:"nonce"`
|
Nonce string `json:"nonce"`
|
||||||
Groups []string `json:"groups"`
|
Groups []string `json:"groups"`
|
||||||
|
|
|
@ -500,10 +500,10 @@ func TestOIDC_AuthorizeSSHSign(t *testing.T) {
|
||||||
assert.FatalError(t, p4.Init(config))
|
assert.FatalError(t, p4.Init(config))
|
||||||
assert.FatalError(t, p5.Init(config))
|
assert.FatalError(t, p5.Init(config))
|
||||||
|
|
||||||
p4.getIdentityFunc = func(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error) {
|
p4.getIdentityFunc = func(ctx context.Context, p Interface, email string) (*Identity, error) {
|
||||||
return &Identity{Usernames: []string{"max", "mariano"}}, nil
|
return &Identity{Usernames: []string{"max", "mariano"}}, nil
|
||||||
}
|
}
|
||||||
p5.getIdentityFunc = func(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error) {
|
p5.getIdentityFunc = func(ctx context.Context, p Interface, email string) (*Identity, error) {
|
||||||
return nil, errors.New("force")
|
return nil, errors.New("force")
|
||||||
}
|
}
|
||||||
// Additional test needed for empty usernames and duplicate email and usernames
|
// Additional test needed for empty usernames and duplicate email and usernames
|
||||||
|
|
|
@ -337,12 +337,12 @@ type Permissions struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetIdentityFunc is a function that returns an identity.
|
// GetIdentityFunc is a function that returns an identity.
|
||||||
type GetIdentityFunc func(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error)
|
type GetIdentityFunc func(ctx context.Context, p Interface, email string) (*Identity, error)
|
||||||
|
|
||||||
// DefaultIdentityFunc return a default identity depending on the provisioner
|
// DefaultIdentityFunc return a default identity depending on the provisioner
|
||||||
// type. For OIDC email is always present and the usernames might
|
// type. For OIDC email is always present and the usernames might
|
||||||
// contain empty strings.
|
// contain empty strings.
|
||||||
func DefaultIdentityFunc(ctx context.Context, p Interface, email string, usernames ...string) (*Identity, error) {
|
func DefaultIdentityFunc(ctx context.Context, p Interface, email string) (*Identity, error) {
|
||||||
switch k := p.(type) {
|
switch k := p.(type) {
|
||||||
case *OIDC:
|
case *OIDC:
|
||||||
// OIDC principals would be:
|
// OIDC principals would be:
|
||||||
|
@ -354,7 +354,7 @@ func DefaultIdentityFunc(ctx context.Context, p Interface, email string, usernam
|
||||||
if !sshUserRegex.MatchString(name) {
|
if !sshUserRegex.MatchString(name) {
|
||||||
return nil, errors.Errorf("invalid principal '%s' from email '%s'", name, email)
|
return nil, errors.Errorf("invalid principal '%s' from email '%s'", name, email)
|
||||||
}
|
}
|
||||||
usernames = append(usernames, name)
|
usernames := []string{name}
|
||||||
if i := strings.LastIndex(email, "@"); i >= 0 {
|
if i := strings.LastIndex(email, "@"); i >= 0 {
|
||||||
usernames = append(usernames, email[:i])
|
usernames = append(usernames, email[:i])
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue