Merge pull request #9 from igurucelain/branch-7.4.0-0.2

[GS-8294] New field username and tenants in oauth profile

oauthproxy.go

@@ -715,12 +715,16 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 		Groups            []string `json:"groups,omitempty"`
 		PreferredUsername string   `json:"preferredUsername,omitempty"`
 		Tenant            string   `json:"tenant,omitempty"`
+		Username          string   `json:"username,omitempty"`
+		Tenants           []string `json:"tenants,omitempty"`
 	}{
 		User:              session.User,
 		Email:             session.Email,
 		Groups:            session.Groups,
 		PreferredUsername: session.PreferredUsername,
 		Tenant:            session.Tenant,
+		Username:          session.Username,
+		Tenants:           session.Tenants,
 	}
 
 	if err := json.NewEncoder(rw).Encode(userInfo); err != nil {

pkg/apis/sessions/session_state.go

@@ -28,9 +28,9 @@ type SessionState struct {
 	User              string   `msgpack:"u,omitempty"`
 	Groups            []string `msgpack:"g,omitempty"`
 	PreferredUsername string   `msgpack:"pu,omitempty"`
-
-	Tenant string `msgpack:"t,omitempty"`
-
+	Tenant            string   `msgpack:"t,omitempty"`
+	Username          string   `msgpack:"un,omitempty"`
+	Tenants           []string `msgpack:"tt,omitempty"`
 	// Internal helpers, not serialized
 	Clock clock.Clock `msgpack:"-"`
 	Lock  Lock        `msgpack:"-"`
@@ -103,7 +103,7 @@ func (s *SessionState) Age() time.Duration {
 
 // String constructs a summary of the session state
 func (s *SessionState) String() string {
-	o := fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s", s.Email, s.User, s.PreferredUsername)
+	o := fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s Username:%s", s.Email, s.User, s.PreferredUsername, s.Username)
 	if s.Tenant != "" {
 		o += fmt.Sprintf(" tenant:%s", s.Tenant)
 	}
@@ -125,6 +125,9 @@ func (s *SessionState) String() string {
 	if len(s.Groups) > 0 {
 		o += fmt.Sprintf(" groups:%v", s.Groups)
 	}
+	if len(s.Tenants) > 0 {
+		o += fmt.Sprintf(" tenants:%v", s.Tenants)
+	}
 	return o + "}"
 }
 
@@ -153,6 +156,12 @@ func (s *SessionState) GetClaim(claim string) []string {
 		return groups
 	case "preferred_username":
 		return []string{s.PreferredUsername}
+	case "username":
+		return []string{s.Username}
+	case "tenants":
+		tenants := make([]string, len(s.Tenants))
+		copy(tenants, s.Tenants)
+		return tenants
 	default:
 		return []string{}
 	}

pkg/apis/sessions/session_state_test.go

@@ -59,72 +59,79 @@ func TestString(t *testing.T) {
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user}",
 		},
 		{
 			name: "Full Session",
 			sessionState: &SessionState{
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 				CreatedAt:         &created,
 				ExpiresOn:         &expires,
 				AccessToken:       "access.token",
 				IDToken:           "id.token",
 				RefreshToken:      "refresh.token",
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true id_token:true created:2000-01-01 00:00:00 +0000 UTC expires:2000-01-01 01:00:00 +0000 UTC refresh_token:true}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user token:true id_token:true created:2000-01-01 00:00:00 +0000 UTC expires:2000-01-01 01:00:00 +0000 UTC refresh_token:true}",
 		},
 		{
 			name: "With a CreatedAt",
 			sessionState: &SessionState{
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 				CreatedAt:         &created,
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user created:2000-01-01 00:00:00 +0000 UTC}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user created:2000-01-01 00:00:00 +0000 UTC}",
 		},
 		{
 			name: "With an ExpiresOn",
 			sessionState: &SessionState{
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 				ExpiresOn:         &expires,
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user expires:2000-01-01 01:00:00 +0000 UTC}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user expires:2000-01-01 01:00:00 +0000 UTC}",
 		},
 		{
 			name: "With an AccessToken",
 			sessionState: &SessionState{
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 				AccessToken:       "access.token",
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user token:true}",
 		},
 		{
 			name: "With an IDToken",
 			sessionState: &SessionState{
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 				IDToken:           "id.token",
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user id_token:true}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user id_token:true}",
 		},
 		{
 			name: "With a RefreshToken",
 			sessionState: &SessionState{
 				Email:             "email@email.email",
 				User:              "some.user",
 				PreferredUsername: "preferred.user",
+				Username:          "some.user",
 				RefreshToken:      "refresh.token",
 			},
-			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user refresh_token:true}",
+			expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user refresh_token:true}",
 		},
 	}
 

providers/sis.go

@@ -79,12 +79,12 @@ func NewSISProvider(p *ProviderData, opts options.SISOptions) *SISProvider {
 	}
 
 	if opts.SISRootURL != "" {
-		rootUrl, err := url.Parse(opts.SISRootURL)
+		rootURL, err := url.Parse(opts.SISRootURL)
 		if err != nil {
 			fmt.Printf("Error parsing SISRootURL=%v", opts.SISRootURL)
 			return nil
 		}
-		provider.Configure(rootUrl)
+		provider.Configure(rootURL)
 	}
 
 	return provider
@@ -248,6 +248,10 @@ func (p *SISProvider) EnrichSession(ctx context.Context, s *sessions.SessionStat
 				s.Tenant, err = attributes.GetIndex(i).Get("tenant").String()
 			case "groups":
 				s.Groups, err = attributes.GetIndex(i).Get("groups").StringArray()
+			case "username":
+				s.Username, err = attributes.GetIndex(i).Get("username").String()
+			case "tenants":
+				s.Tenants, err = attributes.GetIndex(i).Get("tenants").StringArray()
 			}
 			if err != nil {
 				fmt.Printf("Error unmarshalling %s: %v", k, err)

providers/sis_test.go

@@ -78,7 +78,8 @@ func TestSISProviderRedeem(t *testing.T) {
 func TestSISProviderEnrichSession(t *testing.T) {
 	b := testSISBackend(map[string]string{
 		"/sso/oauth2.0/profile": `{"id":"admin","attributes":[{"uid":"admin"},{"tenant":"NONE"},
-{"roles":[]},{"groups":["admins","managers"]},{"cn":"admin"},{"mail":"admin@example.com"}]}`,
+{"roles":[]},{"groups":["admins","managers"]},{"username":"admin"},{"tenants":["NONE","NUNI"]},
+{"cn":"admin"},{"mail":"admin@example.com"}]}`,
 	})
 	defer b.Close()