forked from TrueCloudLab/certificates
Rename and reformat to PreferredUsername
This commit is contained in:
parent
09a21fef26
commit
79eec83f3e
1 changed files with 13 additions and 13 deletions
|
@ -44,7 +44,7 @@ type openIDPayload struct {
|
||||||
AuthorizedParty string `json:"azp"`
|
AuthorizedParty string `json:"azp"`
|
||||||
Email string `json:"email"`
|
Email string `json:"email"`
|
||||||
EmailVerified bool `json:"email_verified"`
|
EmailVerified bool `json:"email_verified"`
|
||||||
Username string `json:"preferred_username"`
|
PreferredUsername string `json:"preferred_username"`
|
||||||
Hd string `json:"hd"`
|
Hd string `json:"hd"`
|
||||||
Nonce string `json:"nonce"`
|
Nonce string `json:"nonce"`
|
||||||
Groups []string `json:"groups"`
|
Groups []string `json:"groups"`
|
||||||
|
@ -90,10 +90,10 @@ func (o *OIDC) IsAdmin(email string) bool {
|
||||||
// IsAdmin returns true if the given groups is in the Admins allowlist, false
|
// IsAdmin returns true if the given groups is in the Admins allowlist, false
|
||||||
// otherwise.
|
// otherwise.
|
||||||
func (o *OIDC) IsAdminGroup(groups []string) bool {
|
func (o *OIDC) IsAdminGroup(groups []string) bool {
|
||||||
for _,g := range groups {
|
for _, g := range groups {
|
||||||
// The groups and emails can be in the same array for now, but consider
|
// The groups and emails can be in the same array for now, but consider
|
||||||
// making a specialized option later.
|
// making a specialized option later.
|
||||||
for _,gadmin := range o.Admins {
|
for _, gadmin := range o.Admins {
|
||||||
if g == gadmin {
|
if g == gadmin {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
@ -394,9 +394,9 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
||||||
return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSSHSign")
|
return nil, errs.Wrap(http.StatusInternalServerError, err, "oidc.AuthorizeSSHSign")
|
||||||
}
|
}
|
||||||
// Reuse the contains function provided for simplicity
|
// Reuse the contains function provided for simplicity
|
||||||
if !containsAllMembers(iden.Usernames, []string{claims.Username}){
|
if !containsAllMembers(iden.Usernames, []string{claims.PreferredUsername}) {
|
||||||
// Add preferred_username to the identity's Username
|
// Add preferred_username to the identity's Username
|
||||||
iden.Usernames = append(iden.Usernames, claims.Username)
|
iden.Usernames = append(iden.Usernames, claims.PreferredUsername)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Certificate templates.
|
// Certificate templates.
|
||||||
|
@ -416,7 +416,7 @@ func (o *OIDC) AuthorizeSSHSign(ctx context.Context, token string) ([]SignOption
|
||||||
// Use the default template unless no-templates are configured and email is
|
// Use the default template unless no-templates are configured and email is
|
||||||
// an admin, in that case we will use the parameters in the request.
|
// an admin, in that case we will use the parameters in the request.
|
||||||
isAdmin := o.IsAdmin(claims.Email)
|
isAdmin := o.IsAdmin(claims.Email)
|
||||||
if !isAdmin && len(claims.Groups)>0 {
|
if !isAdmin && len(claims.Groups) > 0 {
|
||||||
isAdmin = o.IsAdminGroup(claims.Groups)
|
isAdmin = o.IsAdminGroup(claims.Groups)
|
||||||
}
|
}
|
||||||
defaultTemplate := sshutil.DefaultTemplate
|
defaultTemplate := sshutil.DefaultTemplate
|
||||||
|
|
Loading…
Reference in a new issue