diff --git a/oauthproxy.go b/oauthproxy.go
index eacd18268d..cdfd0ee7d3 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -715,12 +715,16 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 Groups []string `json:"groups,omitempty"`
 PreferredUsername string `json:"preferredUsername,omitempty"`
 Tenant string `json:"tenant,omitempty"`
+ Username string `json:"username,omitempty"`
+ Tenants []string `json:"tenants,omitempty"`
 }{
 User: session.User,
 Email: session.Email,
 Groups: session.Groups,
 PreferredUsername: session.PreferredUsername,
 Tenant: session.Tenant,
+ Username: session.Username,
+ Tenants: session.Tenants,
 }
 if err := json.NewEncoder(rw).Encode(userInfo); err != nil {
diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
index 8f9f88dd59..9b926e7a3e 100644
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -28,9 +28,9 @@ type SessionState struct {
 User string `msgpack:"u,omitempty"`
 Groups []string `msgpack:"g,omitempty"`
 PreferredUsername string `msgpack:"pu,omitempty"`
-
- Tenant string `msgpack:"t,omitempty"`
-
+ Tenant string `msgpack:"t,omitempty"`
+ Username string `msgpack:"un,omitempty"`
+ Tenants []string `msgpack:"tt,omitempty"`
 // Internal helpers, not serialized
 Clock clock.Clock `msgpack:"-"`
 Lock Lock `msgpack:"-"`
@@ -103,7 +103,7 @@ func (s *SessionState) Age() time.Duration {
 // String constructs a summary of the session state
 func (s *SessionState) String() string {
- o := fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s", s.Email, s.User, s.PreferredUsername)
+ o := fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s Username:%s", s.Email, s.User, s.PreferredUsername, s.Username)
 if s.Tenant != "" {
 o += fmt.Sprintf(" tenant:%s", s.Tenant)
 }
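Review bot: The new `Username` and `Tenants` fields of `SessionState` carry no comment saying where they come from or how they relate to the existing `User`, `PreferredUsername` and `Tenant`, so a consumer of the session, or of the UserInfo response extended in oauthproxy.go, cannot tell which value is authoritative for an access decision. I would add a comment above them along the lines of `// Username and Tenants are copied from the provider profile during session enrichment; Tenants lists every tenant reported for the user, Tenant the single one.`, with the exact semantics confirmed by the author since they are not visible in this diff. `Tenants` is also serialized into the session (msgpack key `tt`) with no bound on its length, so if sessions are stored in a cookie a user with many tenants inflates it the same way a large `Groups` list would; that limit is worth stating in the comment too.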
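Review bot: `Username:%s` is written into the String() summary unconditionally, while the optional `tenant` directly below it is only appended when set, so a session whose provider never fills `Username` will log a dangling `Username:` label. Following the guarded pattern would read `if s.Username != "" { o += fmt.Sprintf(" username:%s", s.Username) }`, with the expected strings in session_state_test.go adjusted to match. Because the value originates from the identity provider's profile, `%q` rather than `%s` would additionally keep a value containing a line break from splitting the log entry, although the neighbouring fields would need the same treatment to stay consistent. String() continues past the end of this hunk.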
@@ -125,6 +125,9 @@ func (s *SessionState) String() string {
 if len(s.Groups) > 0 {
 o += fmt.Sprintf(" groups:%v", s.Groups)
 }
+ if len(s.Tenants) > 0 {
+ o += fmt.Sprintf(" tenants:%v", s.Tenants)
+ }
 return o + "}"
 }
@@ -153,6 +156,12 @@ func (s *SessionState) GetClaim(claim string) []string {
 return groups
 case "preferred_username":
 return []string{s.PreferredUsername}
+ case "username":
+ return []string{s.Username}
+ case "tenants":
+ tenants := make([]string, len(s.Tenants))
+ copy(tenants, s.Tenants)
+ return tenants
 default:
 return []string{}
 }
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index e12c277636..fb5adf0cbf 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -59,8 +59,9 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user}",
 },
 {
 name: "Full Session",
@@ -68,13 +69,14 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 CreatedAt: &created,
 ExpiresOn: &expires,
 AccessToken: "access.token",
 IDToken: "id.token",
 RefreshToken: "refresh.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true id_token:true created:2000-01-01 00:00:00 +0000 UTC expires:2000-01-01 01:00:00 +0000 UTC refresh_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user token:true id_token:true created:2000-01-01 00:00:00 +0000 UTC expires:2000-01-01 01:00:00 +0000 UTC refresh_token:true}",
 },
 {
 name: "With a CreatedAt",
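Review bot: Neither new GetClaim case is exercised by a test in this commit: the session_state_test.go hunks only update TestString expectations, and none of them sets `Tenants`, so the `tenants:%v` branch added to String() is unverified as well. A table entry with `Tenants: []string{"a", "b"}` for both functions would pin the behaviour. Note also that `case "username"` returns `[]string{s.Username}`, a one-element slice holding an empty string when the field is unset, whereas `case "tenants"` returns an empty slice; this matches the `preferred_username` case visible above, but a caller that tests the length before making a header or authorization decision will treat the two differently. GetClaim begins before this hunk.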
@@ -82,9 +84,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 CreatedAt: &created,
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user created:2000-01-01 00:00:00 +0000 UTC}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user created:2000-01-01 00:00:00 +0000 UTC}",
 },
 {
 name: "With an ExpiresOn",
@@ -92,9 +95,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 ExpiresOn: &expires,
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user expires:2000-01-01 01:00:00 +0000 UTC}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user expires:2000-01-01 01:00:00 +0000 UTC}",
 },
 {
 name: "With an AccessToken",
@@ -102,9 +106,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 AccessToken: "access.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user token:true}",
 },
 {
 name: "With an IDToken",
@@ -112,9 +117,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 IDToken: "id.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user id_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user id_token:true}",
 },
 {
 name: "With a RefreshToken",
@@ -122,9 +128,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 RefreshToken: "refresh.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user refresh_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user refresh_token:true}",
 },
 }
diff --git a/providers/sis.go b/providers/sis.go
index 4af2cc204b..fb7318212a 100644
--- a/providers/sis.go
+++ b/providers/sis.go
@@ -79,12 +79,12 @@ func NewSISProvider(p *ProviderData, opts options.SISOptions) *SISProvider {
 }
 if opts.SISRootURL != "" {
- rootUrl, err := url.Parse(opts.SISRootURL)
+ rootURL, err := url.Parse(opts.SISRootURL)
 if err != nil {
 fmt.Printf("Error parsing SISRootURL=%v", opts.SISRootURL)
 return nil
 }
- provider.Configure(rootUrl)
+ provider.Configure(rootURL)
 }
 return provider
@@ -248,6 +248,10 @@ func (p *SISProvider) EnrichSession(ctx context.Context, s *sessions.SessionStat
 s.Tenant, err = attributes.GetIndex(i).Get("tenant").String()
 case "groups":
 s.Groups, err = attributes.GetIndex(i).Get("groups").StringArray()
+ case "username":
+ s.Username, err = attributes.GetIndex(i).Get("username").String()
+ case "tenants":
+ s.Tenants, err = attributes.GetIndex(i).Get("tenants").StringArray()
 }
 if err != nil {
 fmt.Printf("Error unmarshalling %s: %v", k, err)
diff --git a/providers/sis_test.go b/providers/sis_test.go
index 9595c342ff..0f305f59cd 100644
--- a/providers/sis_test.go
+++ b/providers/sis_test.go
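Review bot: A malformed `tenants` or `username` attribute is only reported through the `fmt.Printf` visible at the end of the EnrichSession hunk, and what follows lies outside it; if enrichment carries on, the session is stored with an empty or partial `Tenants` list that downstream checks may treat as authoritative. For attributes that feed authorization I would fail the enrichment instead, for example `return fmt.Errorf("sis profile attribute %q: %w", k, err)`, assuming the function returns an error as the `err` variable suggests. Nothing in the hunk checks that `s.Tenant` is a member of `s.Tenants` either, so the two can disagree whenever the profile does; a comment stating which one consumers must rely on would help. EnrichSession starts and ends outside this hunk.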
@@ -78,7 +78,8 @@ func TestSISProviderRedeem(t *testing.T) {
 func TestSISProviderEnrichSession(t *testing.T) {
 b := testSISBackend(map[string]string{
 "/sso/oauth2.0/profile": `{"id":"admin","attributes":[{"uid":"admin"},{"tenant":"NONE"},
-{"roles":[]},{"groups":["admins","managers"]},{"cn":"admin"},{"mail":"admin@example.com"}]}`,
+{"roles":[]},{"groups":["admins","managers"]},{"username":"admin"},{"tenants":["NONE","NUNI"]},
+{"cn":"admin"},{"mail":"admin@example.com"}]}`,
 })
 defer b.Close()
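Review bot: The fixture now returns `username` and `tenants`, but no assertion on the enriched session's `Username` or `Tenants` is visible in this hunk, so the two new EnrichSession cases may be running unverified. I would assert that `Username` equals `"admin"` and `Tenants` equals `[]string{"NONE", "NUNI"}`, and add a second profile in which `tenants` is a string rather than an array to pin what the provider does with a malformed attribute. TestSISProviderEnrichSession continues past the end of the hunk, so these checks may already exist further down.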