Updated discord provider to optionally match user IDs instead of user…

…name

config/config.yml_example_discord

@@ -7,10 +7,15 @@ vouch:
  - yourdomain.com
  # whiteList is a list of usernames that will allow a login if allowAllUsers is false
  whiteList:
+ # The default behavior matches the Discord user's username
  - loganintech
+
  # If the user still hasn't chosen a new username, the old username#discrimnator format will work
  - LoganInTech#1203
 
+ # If discord_use_ids is set to true, you must use the user's ID
+ - 81255545020878848
+
  cookie:
  # allow the jwt/cookie to be set into http://yourdomain.com (defaults to true, requiring https://yourdomain.com)
  secure: false
@@ -22,3 +27,5 @@ oauth:
  client_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
  client_secret: xxxxxxxxxxxxxxxxxxxxxxxx
  callback_url: http://vouch.yourdomain.com:9090/auth
+ ## Uncomment this to match users based on their Discord ID
+ # discord_use_ids: true

pkg/cfg/oauth.go

@@ -85,6 +85,7 @@ type oauthConfig struct {
  PreferredDomain string `mapstructure:"preferredDomain"`
  AzureToken string `mapstructure:"azure_token" envconfig:"azure_token"`
  CodeChallengeMethod string `mapstructure:"code_challenge_method" envconfig:"code_challenge_method"`
+ DiscordUseIDs bool `mapstructure:"discord_use_ids" envconfig:"discord_use_ids"`
 }
 
 type oauthClaimsConfig struct {
@@ -322,7 +323,10 @@ func checkCallbackConfig(url string) error {
  }
  }
  if !found {
- return fmt.Errorf("configuration error: oauth.callback_url (%s) must be within a configured domains where the cookie will be set: either `vouch.domains` %s or `vouch.cookie.domain` %s", url, Cfg.Domains, Cfg.Cookie.Domain)
+ return fmt.Errorf("configuration error: oauth.callback_url (%s) must be within a configured domains where the cookie will be set: either `vouch.domains` %s or `vouch.cookie.domain` %s",
+ url,
+ Cfg.Domains,
+ Cfg.Cookie.Domain)
  }
 
  return nil

pkg/providers/discord/discord.go

@@ -25,7 +25,9 @@ import (
 )
 
 // Provider provider specific functions
-type Provider struct{}
+type Provider struct {
+ UseSecureIDs bool
+}
 
 var log *zap.SugaredLogger
 

pkg/structs/structs.go

@@ -13,6 +13,8 @@ package structs
 import (
  "fmt"
  "strconv"
+
+ "github.com/vouch/vouch-proxy/pkg/cfg"
 )
 
 // CustomClaims Temporary struct storing custom claims until JWT creation.
@@ -246,20 +248,28 @@ type PTokens struct {
 
 // DiscordUser deserializes values from the Discord User Object: https://discord.com/developers/docs/resources/user#user-object-user-structure
 type DiscordUser struct {
- Id string `json:"id"`
- Username string `json:"username"`
- Discriminator string `json:"discriminator"`
- GlobalName string `json:"global_name"`
- Email string `json:"email"`
- Verified bool `json:"verified"`
+ Id string `json:"id"`
+ Username string `json:"username"`
+ Discriminator string `json:"discriminator"`
+ GlobalName string `json:"global_name"`
+ Email string `json:"email"`
+ Verified bool `json:"verified"`
+
  PreparedUsername string
 }
 
-// PrepareUserData copies the Username to PreparedUsername. If the Discriminator is present that is
-// appended to the Username in the format "Username#Discriminator" to match the old format of Discord usernames
+// PrepareUserData copies the Username to PreparedUsername.
+// If the provider is configured to use IDs, the ID is copied to PreparedUsername.
+// If the Discriminator is present that is appended to the Username in the format "Username#Discriminator"
+// to match the old format of Discord usernames
 // Previous format which is being phased out: https://support.discord.com/hc/en-us/articles/4407571667351-Law-Enforcement-Guidelines Subheading "How to find usernames and discriminators"
 // Details about the new username requirements: https://support.discord.com/hc/en-us/articles/12620128861463
 func (u *DiscordUser) PrepareUserData() {
+ if cfg.GenOAuth.DiscordUseIDs {
+ u.PreparedUsername = u.Id
+ return
+ }
+
  u.PreparedUsername = u.Username
  if u.Discriminator != "0" {
  u.PreparedUsername = fmt.Sprintf("%s#%s", u.Username, u.Discriminator)