[Bps-public-commit] rt-authen-oauth2 branch, master, updated. 3414c02c25c200fb1acc6024465ad25d9b01eaba

? sunnavy sunnavy at bestpractical.com
Thu Mar 22 13:09:26 EDT 2018


The branch, master has been updated
       via  3414c02c25c200fb1acc6024465ad25d9b01eaba (commit)
      from  357570b762ccc9453eb731bd4d386391c882cec6 (commit)

Summary of changes:
 etc/OAuth2_Config.pm    |  1 +
 lib/RT/Authen/OAuth2.pm | 15 ++++++++-------
 2 files changed, 9 insertions(+), 7 deletions(-)

- Log -----------------------------------------------------------------
commit 3414c02c25c200fb1acc6024465ad25d9b01eaba
Author: Kai Storbeck <kai at xs4all.nl>
Date:   Fri Mar 24 14:36:29 2017 +0100

    Make the user lookup column configurable

diff --git a/etc/OAuth2_Config.pm b/etc/OAuth2_Config.pm
index e8b7ad7..0cc79fb 100644
--- a/etc/OAuth2_Config.pm
+++ b/etc/OAuth2_Config.pm
@@ -127,6 +127,7 @@ Set(%OAuthIDPs,
             Lang => 'locale',
             Organization => 'hd',
         },
+        'LoadColumn' => 'EmailAddress',
         'LoginPageButton' => '/static/images/btn_google_signin_dark_normal_web.png',
         'authorize_path' => '/o/oauth2/auth',
         'site' => 'https://accounts.google.com',
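Review bot: The new `'LoadColumn' => 'EmailAddress'` entry at line 31 is added to the shipped IdP example with no comment saying what it controls or which values are acceptable, and since it selects the RT::User column an IdP attribute is matched against, a wrong choice is an authentication-bypass risk rather than a cosmetic one. I would add above it: `# RT::User column looked up with the IdP attribute mapped under MetadataMap (default EmailAddress); use only a column RT keeps unique and whose value the IdP verifies.` The %OAuthIDPs structure this sits in begins outside the hunk.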
diff --git a/lib/RT/Authen/OAuth2.pm b/lib/RT/Authen/OAuth2.pm
index a942e6e..46739ad 100644
--- a/lib/RT/Authen/OAuth2.pm
+++ b/lib/RT/Authen/OAuth2.pm
@@ -167,22 +167,23 @@ sub LogUserIn {
     # Get the correct handler for the user's metadata, based on which IDP is in use
     my $idp_handler = $idp_conf->{MetadataHandler};
     my $metadata = $idp_handler->Metadata($response->decoded_content);
-    my $email = $metadata->{ $idp_conf->{MetadataMap}->{EmailAddress} };
+    my $loadcol = $idp_conf->{LoadColumn} || 'EmailAddress';
+    my $name = $metadata->{ $idp_conf->{MetadataMap}->{$loadcol} };
 
     # email is used to identify the user; bail out if we don't have one
-    RT::Logger->info("OAuth2 server return content didn't include email, aborting. Request from $ip") unless $email;
-    return (0, $generic_error) unless $email;
+    RT::Logger->info("OAuth2 server return content didn't include $loadcol, aborting. Request from $ip") unless $name;
+    return (0, $generic_error) unless $name;
 
     my $user = RT::User->new( RT->SystemUser );
-    $user->LoadByEmail($email);
+    $user->LoadByCol($loadcol, $name);
 
     # TODO future feature: auto-vivify a user based on config option, if email matches regex
     # TODO e.g., allow all people from mycompany.com to access RT automatically
 
-    RT::Logger->info("OAuth2 user $email attempted login but no matching user found in RT. Request from $ip") unless $user->id;
+    RT::Logger->info("OAuth2 user $name attempted login but no matching user found in RT. Request from $ip") unless $user->id;
     return(0, $generic_error) unless $user->id;
 
-    RT::Logger->info("OAuth2 user $email is disabled in RT; aborting OAuth2 login. Request from $ip") if $user->PrincipalObj->Disabled;
+    RT::Logger->info("OAuth2 user $name is disabled in RT; aborting OAuth2 login. Request from $ip") if $user->PrincipalObj->Disabled;
     return(0, $generic_error) if $user->PrincipalObj->Disabled;
 
     # Populate any empty fields in the RT user profile from the OAuth server metadata
@@ -197,7 +198,7 @@ sub LogUserIn {
     );
 
     # Set up our session and return to the handler template element for the redirect
-    RT::Logger->info("Successful OAuth2 login for $email from $ip");
+    RT::Logger->info("Successful OAuth2 login for $name from $ip");
     RT::Interface::Web::InstantiateNewSession();
     $session->{CurrentUser} = RT::CurrentUser->new($user);
     return (1, "ok", $args->{state});

-----------------------------------------------------------------------

