From 0f65e44b6a285ddada170cd0fe845b4c96c8f117 Mon Sep 17 00:00:00 2001
From: igurucelain
Date: Fri, 2 Jun 2023 13:26:23 +0200
Subject: [PATCH 1/5] new-fields-proxy
---
 oauthproxy.go | 4 ++++
 pkg/apis/sessions/session_state.go | 13 ++++++++++++-
 pkg/apis/sessions/session_state_test.go | 17 +++++++++++------
 providers/sis.go | 4 ++++
 4 files changed, 31 insertions(+), 7 deletions(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index eacd18268d..ce3003a575 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -715,12 +715,16 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 Groups []string `json:"groups,omitempty"`
 PreferredUsername string `json:"preferredUsername,omitempty"`
 Tenant string `json:"tenant,omitempty"`
+ Tenants string `json:"tenants,omitempty"`
+ Username string `json:"username,omitempty"`
 }{
 User: session.User,
 Email: session.Email,
 Groups: session.Groups,
 PreferredUsername: session.PreferredUsername,
 Tenant: session.Tenant,
+ Username: session.Username,
+ Tenants: session.Tenants,
 }
 if err := json.NewEncoder(rw).Encode(userInfo); err != nil {
diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
index 8f9f88dd59..3e04e7b4ed 100644
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -31,6 +31,8 @@ type SessionState struct {
 Tenant string `msgpack:"t,omitempty"`
+ Username string `msgpack:"un,omitempty"`
+ Tenants []string `msgpack:"ts,omitempty"`
 // Internal helpers, not serialized
 Clock clock.Clock `msgpack:"-"`
 Lock Lock `msgpack:"-"`
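Review bot: The two fields added to `SessionState` in pkg/apis/sessions/session_state.go carry no comment, and the struct now holds three similar identity fields (`User`, `PreferredUsername`, `Username`) and two tenant fields (`Tenant`, `Tenants`). Someone choosing a field for an access check cannot tell them apart from the declaration. I would add `// Username is the provider's "username" profile attribute.` and `// Tenants is the list from the provider's "tenants" profile attribute; Tenant holds the single "tenant" attribute.` above the new fields. The struct declaration starts and ends outside the hunk.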
@@ -103,7 +105,7 @@ func (s *SessionState) Age() time.Duration {
 // String constructs a summary of the session state
 func (s *SessionState) String() string {
- o := fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s", s.Email, s.User, s.PreferredUsername)
+ o := fmt.Sprintf("Session{email:%s user:%s PreferredUsername:%s Username:%s", s.Email, s.User, s.PreferredUsername, s.Username)
 if s.Tenant != "" {
 o += fmt.Sprintf(" tenant:%s", s.Tenant)
 }
@@ -125,6 +127,9 @@ func (s *SessionState) String() string {
 if len(s.Groups) > 0 {
 o += fmt.Sprintf(" groups:%v", s.Groups)
 }
+ if len(s.Tenants) > 0 {
+ o += fmt.Sprintf(" tenants:%v", s.Tenants)
+ }
 return o + "}"
 }
@@ -153,6 +158,12 @@ func (s *SessionState) GetClaim(claim string) []string {
 return groups
 case "preferred_username":
 return []string{s.PreferredUsername}
+ case "username":
+ return []string{s.Username}
+ case "tenants":
+ tenants := make([]string, len(s.Tenants))
+ copy(tenants, s.Tenants)
+ return tenants
 default:
 return []string{}
 }
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index e12c277636..de9ff09dff 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -59,8 +59,9 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user}",
 },
 {
 name: "Full Session",
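Review bot: In `String()` (hunk at -103) `Username:%s` is written into every summary even when the field is empty, while `tenant` just below it and the new `tenants` branch (hunk at -125) are printed only when set; a guard such as `if s.Username != "" { o += fmt.Sprintf(" Username:%s", s.Username) }` would match them. Both new values originate from the provider's profile attributes and are formatted with `%s`/`%v`, so if this summary ends up in a log, a value containing a line break would split the entry; `%q` avoids that, at the cost of changing the expected strings in TestString. The function body continues outside both hunks.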
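Review bot: `case "username"` in `GetClaim` (hunk at -153) returns `[]string{s.Username}`, which is a one-element slice holding an empty string when the session has no username, so a caller that tests `len(...) > 0` sees the claim as present. That mirrors `preferred_username` above it, but for a value that may feed a header or an authorization rule (callers are not visible here) an unset field is better reported as no values: `if s.Username == "" { return []string{} }`. The `tenants` case copies the slice before returning it, which keeps callers from mutating session state. GetClaim starts outside the hunk.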
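Review bot: None of the TestString cases touched in pkg/apis/sessions/session_state_test.go sets `Tenants`, so the new ` tenants:%v` branch of `String()` is never exercised, and no visible hunk in the series adds cases for `GetClaim("username")` or `GetClaim("tenants")`. A case with `Tenants: []string{"a", "b"}` expecting ` tenants:[a b]` in the summary, plus GetClaim cases for both names including a session where they are unset, would pin the new behaviour. The same gap applies to the later hunks of this test file in patches 3 and 4.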
@@ -74,7 +75,7 @@ func TestString(t *testing.T) {
 IDToken: "id.token",
 RefreshToken: "refresh.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true id_token:true created:2000-01-01 00:00:00 +0000 UTC expires:2000-01-01 01:00:00 +0000 UTC refresh_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user token:true id_token:true created:2000-01-01 00:00:00 +0000 UTC expires:2000-01-01 01:00:00 +0000 UTC refresh_token:true}",
 },
 {
 name: "With a CreatedAt",
@@ -92,9 +93,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 ExpiresOn: &expires,
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user expires:2000-01-01 01:00:00 +0000 UTC}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user expires:2000-01-01 01:00:00 +0000 UTC}",
 },
 {
 name: "With an AccessToken",
@@ -102,9 +104,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 AccessToken: "access.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user token:true}",
 },
 {
 name: "With an IDToken",
@@ -112,9 +115,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 IDToken: "id.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user id_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user id_token:true}",
 },
 {
 name: "With a RefreshToken",
@@ -122,9 +126,10 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 RefreshToken: "refresh.token",
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user refresh_token:true}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user refresh_token:true}",
 },
 }
diff --git a/providers/sis.go b/providers/sis.go
index 4af2cc204b..a6df2e2d60 100644
--- a/providers/sis.go
+++ b/providers/sis.go
@@ -248,6 +248,10 @@ func (p *SISProvider) EnrichSession(ctx context.Context, s *sessions.SessionStat
 s.Tenant, err = attributes.GetIndex(i).Get("tenant").String()
 case "groups":
 s.Groups, err = attributes.GetIndex(i).Get("groups").StringArray()
+ case "username":
+ s.Username, err = attributes.GetIndex(i).Get("username").String()
+ case "tenants":
+ s.Tenants, err = attributes.GetIndex(i).Get("tenants").StringArray()
 }
 if err != nil {
 fmt.Printf("Error unmarshalling %s: %v", k, err)
From 29efcbdecd75ae5d93a6ad7289c65d8736afbbb7 Mon Sep 17 00:00:00 2001
From: igurucelain
Date: Fri, 2 Jun 2023 14:55:11 +0200
Subject: [PATCH 2/5] new-fields-proxy
---
 oauthproxy.go | 2 +-
 pkg/apis/sessions/session_state.go | 6 ++----
 providers/sis.go | 10 +++++-----
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/oauthproxy.go b/oauthproxy.go
index ce3003a575..cdfd0ee7d3 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
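Review bot: In the providers/sis.go hunk the new `username` and `tenants` cases assign straight into the session, so when the provider sends an attribute of the wrong type the field has already been overwritten with the zero value by the time the existing `fmt.Printf` under the switch reports it. `Tenants` is exposed through `GetClaim` and the UserInfo response, so a decode failure should be explicit rather than an empty list; assigning only on success keeps the failure visible, e.g. `if v, e := attributes.GetIndex(i).Get("tenants").StringArray(); e != nil { err = e } else { s.Tenants = v }`, and the same for `username`. The Printf prints `k` unquoted and without a trailing newline; `%q` would be safer if `k` comes from the provider response, which is presumably the case. EnrichSession continues outside the hunk, so whether the error is returned after being printed cannot be seen here; the same lines are only re-indented in patch 2.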
@@ -715,8 +715,8 @@ func (p *OAuthProxy) UserInfo(rw http.ResponseWriter, req *http.Request) {
 Groups []string `json:"groups,omitempty"`
 PreferredUsername string `json:"preferredUsername,omitempty"`
 Tenant string `json:"tenant,omitempty"`
- Tenants string `json:"tenants,omitempty"`
 Username string `json:"username,omitempty"`
+ Tenants []string `json:"tenants,omitempty"`
 }{
 User: session.User,
 Email: session.Email,
diff --git a/pkg/apis/sessions/session_state.go b/pkg/apis/sessions/session_state.go
index 3e04e7b4ed..9b926e7a3e 100644
--- a/pkg/apis/sessions/session_state.go
+++ b/pkg/apis/sessions/session_state.go
@@ -28,11 +28,9 @@ type SessionState struct {
 User string `msgpack:"u,omitempty"`
 Groups []string `msgpack:"g,omitempty"`
 PreferredUsername string `msgpack:"pu,omitempty"`
-
- Tenant string `msgpack:"t,omitempty"`
-
+ Tenant string `msgpack:"t,omitempty"`
 Username string `msgpack:"un,omitempty"`
- Tenants []string `msgpack:"ts,omitempty"`
+ Tenants []string `msgpack:"tt,omitempty"`
 // Internal helpers, not serialized
 Clock clock.Clock `msgpack:"-"`
 Lock Lock `msgpack:"-"`
diff --git a/providers/sis.go b/providers/sis.go
index a6df2e2d60..fb7318212a 100644
--- a/providers/sis.go
+++ b/providers/sis.go
@@ -79,12 +79,12 @@ func NewSISProvider(p *ProviderData, opts options.SISOptions) *SISProvider {
 }
 if opts.SISRootURL != "" {
- rootUrl, err := url.Parse(opts.SISRootURL)
+ rootURL, err := url.Parse(opts.SISRootURL)
 if err != nil {
 fmt.Printf("Error parsing SISRootURL=%v", opts.SISRootURL)
 return nil
 }
- provider.Configure(rootUrl)
+ provider.Configure(rootURL)
 }
 return provider
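Review bot: The msgpack key of `Tenants` changes from `ts` to `tt` in the `SessionState` hunk of pkg/apis/sessions/session_state.go. These short keys are the encoded form of the session, so a session written by a build of the previous patch would presumably decode with `Tenants` empty and the user would lose the tenant list without any error. If no such build was deployed this is harmless, but a comment on the struct such as `// msgpack keys are part of the stored session format; do not rename one after release` would prevent the same change being made later. The struct declaration starts and ends outside the hunk.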
@@ -249,9 +249,9 @@ func (p *SISProvider) EnrichSession(ctx context.Context, s *sessions.SessionStat
 case "groups":
 s.Groups, err = attributes.GetIndex(i).Get("groups").StringArray()
 case "username":
- s.Username, err = attributes.GetIndex(i).Get("username").String()
- case "tenants":
- s.Tenants, err = attributes.GetIndex(i).Get("tenants").StringArray()
+ s.Username, err = attributes.GetIndex(i).Get("username").String()
+ case "tenants":
+ s.Tenants, err = attributes.GetIndex(i).Get("tenants").StringArray()
 }
 if err != nil {
 fmt.Printf("Error unmarshalling %s: %v", k, err)
From 0ecdaea0bc2718adf616e3b233aa7e9994e82251 Mon Sep 17 00:00:00 2001
From: igurucelain
Date: Fri, 2 Jun 2023 15:00:42 +0200
Subject: [PATCH 3/5] new-fields-proxy
---
 pkg/apis/sessions/session_state_test.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index de9ff09dff..6b75321f18 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -69,6 +69,7 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 CreatedAt: &created,
 ExpiresOn: &expires,
 AccessToken: "access.token",
@@ -83,6 +84,7 @@ func TestString(t *testing.T) {
 Email: "email@email.email",
 User: "some.user",
 PreferredUsername: "preferred.user",
+ Username: "some.user",
 CreatedAt: &created,
 },
 expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user created:2000-01-01 00:00:00 +0000 UTC}",
From 1eb197af3fd36ad5f1a0c252433376cd4a462bbd Mon Sep 17 00:00:00 2001
From: igurucelain
Date: Mon, 5 Jun 2023 09:13:27 +0200
Subject: [PATCH 4/5] new-fields-proxy
---
 pkg/apis/sessions/session_state_test.go | 2 +-
 providers/sis_test.go | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/pkg/apis/sessions/session_state_test.go b/pkg/apis/sessions/session_state_test.go
index 6b75321f18..fb5adf0cbf 100644
--- a/pkg/apis/sessions/session_state_test.go
+++ b/pkg/apis/sessions/session_state_test.go
@@ -87,7 +87,7 @@ func TestString(t *testing.T) {
 Username: "some.user",
 CreatedAt: &created,
 },
- expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user created:2000-01-01 00:00:00 +0000 UTC}",
+ expected: "Session{email:email@email.email user:some.user PreferredUsername:preferred.user Username:some.user created:2000-01-01 00:00:00 +0000 UTC}",
 },
 {
 name: "With an ExpiresOn",
diff --git a/providers/sis_test.go b/providers/sis_test.go
index 9595c342ff..0f305f59cd 100644
--- a/providers/sis_test.go
+++ b/providers/sis_test.go
@@ -78,7 +78,8 @@ func TestSISProviderRedeem(t *testing.T) {
 func TestSISProviderEnrichSession(t *testing.T) {
 b := testSISBackend(map[string]string{
 "/sso/oauth2.0/profile": `{"id":"admin","attributes":[{"uid":"admin"},{"tenant":"NONE"},
-{"roles":[]},{"groups":["admins","managers"]},{"cn":"admin"},{"mail":"admin@example.com"}]}`,
+{"roles":[]},{"groups":["admins","managers"]},{"username":"admin"},{"tenants":["NONE","NUNI"]},
+{"cn":"admin"},{"mail":"admin@example.com"}]}`,
 })
 defer b.Close()
From 82c416678675b8c62d6f8b41f311cc602c9f07f3 Mon Sep 17 00:00:00 2001
From: igurucelain
Date: Mon, 19 Jun 2023 13:22:54 +0200
Subject: [PATCH 5/5] rebuild
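Review bot: The profile fixture in `TestSISProviderEnrichSession` gains `username` and `tenants`, but the diffstat for providers/sis_test.go shows only these fixture lines changing, so nothing asserts that the two values reach the session. I would add checks after the EnrichSession call that the session's `Username` is `admin` and its `Tenants` is the two-element list `NONE`, `NUNI`. A second fixture in which `tenants` is a plain string rather than an array would also fix what EnrichSession does with a malformed attribute, which matters because the field carries tenant membership. The test body continues outside the hunk.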