Generic OAuth userinfo properies now configurable

When connecting to a generic OAuth provider, you are never sure what object you'll be receiving from the userinfo endpoint (it isn't actually specified anywhere). So this commit adds mapping values to the generic oauth configuration section of config.ini, allowing the user to specify which keys in the remote endpoint it expects to read the UserID, Username, DisplayName, and Email from. Default values if unspecified remain as they were before this commit.
2020-10-22 12:15:55 -07:00 · 2020-10-22 12:15:55 -07:00 · 0aafd0c368
parent 3493921837
commit 0aafd0c368
3 changed files with 32 additions and 4 deletions
--- a/config/config.go
+++ b/config/config.go
@ -110,6 +110,10 @@ type (
 		AuthEndpoint     string `ini:"auth_endpoint"`
 		Scope            string `ini:"scope"`
 		AllowDisconnect  bool   `ini:"allow_disconnect"`
+		MapUserID        string `ini:"map_user_id"`
+		MapUsername      string `ini:"map_username"`
+		MapDisplayName   string `ini:"map_display_name"`
+		MapEmail         string `ini:"map_email"`
 	}

 	// AppCfg holds values that affect how the application functions
--- a/oauth.go
+++ b/oauth.go
@ -266,6 +266,10 @@ func configureGenericOauth(parentHandler *Handler, r *mux.Router, app *App) {
 			HttpClient:       config.DefaultHTTPClient(),
 			CallbackLocation: callbackLocation,
 			Scope:            config.OrDefaultString(app.Config().GenericOauth.Scope, "read_user"),
+			MapUserID:        config.OrDefaultString(app.Config().GenericOauth.MapUserID, "user_id"),
+			MapUsername:      config.OrDefaultString(app.Config().GenericOauth.MapUsername, "username"),
+			MapDisplayName:   config.OrDefaultString(app.Config().GenericOauth.MapDisplayName, "-"),
+			MapEmail:         config.OrDefaultString(app.Config().GenericOauth.MapEmail, "email"),
 		}
 		configureOauthRoutes(parentHandler, r, app, oauthClient, callbackProxy)
 	}
--- a/oauth_generic.go
+++ b/oauth_generic.go
@ -16,6 +16,10 @@ type genericOauthClient struct {
 	InspectLocation  string
 	CallbackLocation string
 	Scope            string
+  MapUserID        string
+  MapUsername      string
+  MapDisplayName   string
+  MapEmail         string
 	HttpClient       HttpClient
 }

@ -104,12 +108,28 @@ func (c genericOauthClient) inspectOauthAccessToken(ctx context.Context, accessT
 		return nil, errors.New("unable to inspect access token")
 	}

-	var inspectResponse InspectResponse
-	if err := limitedJsonUnmarshal(resp.Body, infoRequestMaxLen, &inspectResponse); err != nil {
+	// since we don't know what the JSON from the server will look like, we create a
+	// generic interface and then map manually to values set in the config
+	var genericInterface interface{}
+	if err := limitedJsonUnmarshal(resp.Body, infoRequestMaxLen, &genericInterface); err != nil {
 		return nil, err
 	}
-	if inspectResponse.Error != "" {
-		return nil, errors.New(inspectResponse.Error)
+
+	m := genericInterface.(map[string]interface{})
+
+	// map each relevant field in inspectResponse to the mapped field from the config
+	var inspectResponse InspectResponse
+	if (m[c.MapUserID] != nil) {
+	  inspectResponse.UserID = m[c.MapUserID].(string)
+	}
+	if (m[c.MapUsername] != nil) {
+	  inspectResponse.Username = m[c.MapUsername].(string)
+	}
+	if (m[c.MapDisplayName] != nil) {
+	  inspectResponse.DisplayName = m[c.MapDisplayName].(string)
+	}
+	if (m[c.MapEmail] != nil) {
+	  inspectResponse.Email = m[c.MapEmail].(string)
 	}

 	return &inspectResponse, nil