From 4539c4942d2e0967068232ce8110671d76c19646 Mon Sep 17 00:00:00 2001
From: Logan Saso
Date: Sun, 24 Mar 2024 13:37:45 -0700
Subject: [PATCH] Updated discord provider to optionally match user IDs instead of username
---
 config/config.yml_example_discord | 7 +++++++
 pkg/cfg/oauth.go | 6 +++++-
 pkg/providers/discord/discord.go | 4 +++-
 pkg/structs/structs.go | 26 ++++++++++++++++++--------
 4 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/config/config.yml_example_discord b/config/config.yml_example_discord
index 1d4fd3cc..3323d5a9 100644
--- a/config/config.yml_example_discord
+++ b/config/config.yml_example_discord
@@ -7,10 +7,15 @@ vouch:
 - yourdomain.com
 # whiteList is a list of usernames that will allow a login if allowAllUsers is false
 whiteList:
+ # The default behavior matches the Discord user's username
 - loganintech
+ # If the user still hasn't chosen a new username, the old username#discrimnator format will work
 - LoganInTech#1203
+ # If discord_use_ids is set to true, you must use the user's ID
+ - 81255545020878848
+
 cookie:
 # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com)
 secure: false
@@ -22,3 +27,5 @@ oauth:
 client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
 client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
 callback_url: http://vouch.yourdomain.com:9090/auth
+ ## Uncomment this to match users based on their Discord ID
+ # discord_use_ids: true
diff --git a/pkg/cfg/oauth.go b/pkg/cfg/oauth.go
index 9fdde680..3992f891 100644
--- a/pkg/cfg/oauth.go
+++ b/pkg/cfg/oauth.go
@@ -85,6 +85,7 @@ type oauthConfig struct {
 PreferredDomain string `mapstructure:"preferredDomain"`
 AzureToken string `mapstructure:"azure_token" envconfig:"azure_token"`
 CodeChallengeMethod string `mapstructure:"code_challenge_method" envconfig:"code_challenge_method"`
+ DiscordUseIDs bool `mapstructure:"discord_use_ids" envconfig:"discord_use_ids"`
 }
 type oauthClaimsConfig struct {
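Review bot: The sample `whiteList` now mixes two username entries with a numeric ID entry, but per the new comments only one form is matched for a given `discord_use_ids` setting, so a config copied from this example silently locks out either the named users or the ID. With the flag off, an entry such as `- 81255545020878848` is compared against usernames rather than IDs, which is not what the operator intended; showing the two modes as separate, alternative lists would avoid that. I would also quote the ID, `- "81255545020878848"`, so it stays a string however the list is decoded (the loader is not visible here), and say in the comment that the ID is the stable identifier while a username can change.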
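Review bot: `DiscordUseIDs` is added to the shared `oauthConfig` struct without a comment, and its zero value keeps whitelist matching on the username, which a Discord user can change. A field comment would make that trade-off visible, e.g. `// DiscordUseIDs matches the whitelist against the Discord user ID instead of the username; discord provider only`. Nothing in the visible hunks rejects or warns when the flag is set for a different provider, so a startup check next to the other config validation may be worth adding. The struct begins outside this hunk.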
@@ -322,7 +323,10 @@ func checkCallbackConfig(url string) error {
 }
 }
 if !found {
- return fmt.Errorf("configuration error: oauth.callback_url (%s) must be within a configured domains where the cookie will be set: either `vouch.domains` %s or `vouch.cookie.domain` %s", url, Cfg.Domains, Cfg.Cookie.Domain)
+ return fmt.Errorf("configuration error: oauth.callback_url (%s) must be within a configured domains where the cookie will be set: either `vouch.domains` %s or `vouch.cookie.domain` %s",
+ url,
+ Cfg.Domains,
+ Cfg.Cookie.Domain)
 }
 return nil
diff --git a/pkg/providers/discord/discord.go b/pkg/providers/discord/discord.go
index 82d12a73..fb2d1089 100644
--- a/pkg/providers/discord/discord.go
+++ b/pkg/providers/discord/discord.go
@@ -25,7 +25,9 @@ import (
 )
 // Provider provider specific functions
-type Provider struct{}
+type Provider struct {
+ UseSecureIDs bool
+}
 var log *zap.SugaredLogger
diff --git a/pkg/structs/structs.go b/pkg/structs/structs.go
index e709237b..33979f94 100644
--- a/pkg/structs/structs.go
+++ b/pkg/structs/structs.go
@@ -13,6 +13,8 @@ package structs
 import (
 "fmt"
 "strconv"
+
+ "github.com/vouch/vouch-proxy/pkg/cfg"
 )
 // CustomClaims Temporary struct storing custom claims until JWT creation.
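Review bot: The new `UseSecureIDs` field on `Provider` is not set or read in any hunk of this patch; the mode switch is instead taken from the global `cfg.GenOAuth.DiscordUseIDs` inside `DiscordUser.PrepareUserData` (the `pkg/structs/structs.go` hunks). That leaves two names for one setting, and a reader could assume the struct field controls matching when it does not. Either drop the field or populate it from config and pass it down, which would also remove the new `pkg/structs` to `pkg/cfg` import and the risk of an import cycle if `cfg` ever needs `structs`.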
@@ -246,20 +248,28 @@ type PTokens struct {
 // DiscordUser deserializes values from the Discord User Object: https://discord.com/developers/docs/resources/user#user-object-user-structure
 type DiscordUser struct {
- Id string `json:"id"`
- Username string `json:"username"`
- Discriminator string `json:"discriminator"`
- GlobalName string `json:"global_name"`
- Email string `json:"email"`
- Verified bool `json:"verified"`
+ Id string `json:"id"`
+ Username string `json:"username"`
+ Discriminator string `json:"discriminator"`
+ GlobalName string `json:"global_name"`
+ Email string `json:"email"`
+ Verified bool `json:"verified"`
+
 PreparedUsername string
 }
-// PrepareUserData copies the Username to PreparedUsername. If the Discriminator is present that is
-// appended to the Username in the format "Username#Discriminator" to match the old format of Discord usernames
+// PrepareUserData copies the Username to PreparedUsername.
+// If the provider is configured to use IDs, the ID is copied to PreparedUsername.
+// If the Discriminator is present that is appended to the Username in the format "Username#Discriminator"
+// to match the old format of Discord usernames
 // Previous format which is being phased out: https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators"
 // Details about the new username requirements: https://support.discord.com/hc/en-us/articles/12620128861463
 func (u *DiscordUser) PrepareUserData() {
+ if cfg.GenOAuth.DiscordUseIDs {
+ u.PreparedUsername = u.Id
+ return
+ }
+
 u.PreparedUsername = u.Username
 if u.Discriminator != "0" {
 u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator)
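Review bot: In ID mode `PrepareUserData` assigns `u.Id` to `PreparedUsername` without checking that it is non-empty, so a user object decoded without an `id` would reach the whitelist comparison with an empty identity; whether that can match is decided outside this hunk, but the decode site should fail closed with something like `if u.Id == "" { return errors.New("discord: user object has no id") }`. The doc comment's first sentence still says the username is always copied; I would open with `// PrepareUserData sets PreparedUsername to the value matched against the whitelist: the user ID when discord_use_ids is set, otherwise the username.` Since the field keeps the name `PreparedUsername`, anything downstream that treats it as a display name will presumably receive the numeric ID, which deserves a line in the docs. The method body continues past the end of the hunk.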