Rename and reformat to PreferredUsername
This commit is contained in:
parent
09a21fef26
commit
79eec83f3e
1 changed files with 13 additions and 13 deletions
|
@ -40,14 +40,14 @@ func (c openIDConfiguration) Validate() error {
|
|||
// openIDPayload represents the fields on the id_token JWT payload.
|
||||
type openIDPayload struct {
|
||||
jose.Claims
|
||||
AtHash string `json:"at_hash"`
|
||||
AuthorizedParty string `json:"azp"`
|
||||
Email string `json:"email"`
|
||||
EmailVerified bool `json:"email_verified"`
|
||||
Username string `json:"preferred_username"`
|
||||
Hd string `json:"hd"`
|
||||
Nonce string `json:"nonce"`
|
||||
Groups []string `json:"groups"`
|
||||
AtHash string `json:"at_hash"`
|
||||
AuthorizedParty string `json:"azp"`
|
||||
Email string `json:"email"`
|
||||
EmailVerified bool `json:"email_verified"`
|
||||
PreferredUsername string `json:"preferred_username"`
|
||||
Hd string `json:"hd"`
|
||||
Nonce string `json:"nonce"`
|
||||
Groups []string `json:"groups"`
|
||||
}
|
||||
|
||||
// OIDC represents an OAuth 2.0 OpenID Connect provider.
|
||||
|
@ -90,10 +90,10 @@ func (o *OIDC) IsAdmin(email string) bool {
|
|||
// IsAdmin returns true if the given groups is in the Admins allowlist, false
|
||||
// otherwise.
|
||||
func (o *OIDC) IsAdminGroup(groups []string) bool {
|
||||
for _,g := range groups {
|
||||
for _, g := range groups {
|
||||
// The groups and emails can be in the same array for now, but consider
|
||||
// making a specialized option later.
|
||||
for _,gadmin := range o.Admins {
|
||||
for _, gadmin := range o.Admins {
|
||||
if g == gadmin {
|
||||
return true
|
||||
}
|
||||
|
@ -394,9 +394,9 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
|||
return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSSHSign")
|
||||
}
|
||||
// Reuse the contains function provided for simplicity
|
||||
if !containsAllMembers(iden.Usernames, []string{claims.Username}){
|
||||
if !containsAllMembers(iden.Usernames, []string{claims.PreferredUsername}) {
|
||||
// Add preferred_username to the identity's Username
|
||||
iden.Usernames = append(iden.Usernames, claims.Username)
|
||||
iden.Usernames = append(iden.Usernames, claims.PreferredUsername)
|
||||
}
|
||||
|
||||
// Certificate templates.
|
||||
|
@ -416,7 +416,7 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
|||
// Use the default template unless no-templates are configured and email is
|
||||
// an admin, in that case we will use the parameters in the request.
|
||||
isAdmin := o.IsAdmin(claims.Email)
|
||||
if !isAdmin && len(claims.Groups)>0 {
|
||||
if !isAdmin && len(claims.Groups) > 0 {
|
||||
isAdmin = o.IsAdminGroup(claims.Groups)
|
||||
}
|
||||
defaultTemplate := sshutil.DefaultTemplate
|
||||
|
|
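Review bot: In the third hunk (@ -394, AuthorizeSSHSign) `claims.PreferredUsername` is appended to `iden.Usernames` without checking that it is non-empty, so an ID token that simply omits `preferred_username` adds an empty principal to the SSH identity. The OIDC Core spec also states that a relying party must not rely on `preferred_username` being unique, and at some providers the end user can choose it, so unless the configured IdP guarantees uniqueness a token holder could obtain an SSH principal that collides with another account's login name. I would guard the append with `if claims.PreferredUsername != "" && !containsAllMembers(iden.Usernames, []string{claims.PreferredUsername}) {` and add a comment such as `// preferred_username is not guaranteed unique by OIDC; the IdP must enforce this before it is usable as a principal.` AuthorizeSSHSign begins and ends outside the hunk, so I cannot see whether an earlier check already validates this claim.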