[Bps-public-commit] rt-authen-oauth2 branch, master, updated. 3414c02c25c200fb1acc6024465ad25d9b01eaba
? sunnavy
sunnavy at bestpractical.com
Thu Mar 22 13:09:26 EDT 2018
The branch, master has been updated
via 3414c02c25c200fb1acc6024465ad25d9b01eaba (commit)
from 357570b762ccc9453eb731bd4d386391c882cec6 (commit)
Summary of changes:
etc/OAuth2_Config.pm | 1 +
lib/RT/Authen/OAuth2.pm | 15 ++++++++-------
2 files changed, 9 insertions(+), 7 deletions(-)
- Log -----------------------------------------------------------------
commit 3414c02c25c200fb1acc6024465ad25d9b01eaba
Author: Kai Storbeck <kai at xs4all.nl>
Date: Fri Mar 24 14:36:29 2017 +0100
Make the user lookup column configurable
diff --git a/etc/OAuth2_Config.pm b/etc/OAuth2_Config.pm
index e8b7ad7..0cc79fb 100644
--- a/etc/OAuth2_Config.pm
+++ b/etc/OAuth2_Config.pm
@@ -127,6 +127,7 @@ Set(%OAuthIDPs,
Lang => 'locale',
Organization => 'hd',
},
+ 'LoadColumn' => 'EmailAddress',
'LoginPageButton' => '/static/images/btn_google_signin_dark_normal_web.png',
'authorize_path' => '/o/oauth2/auth',
'site' => 'https://accounts.google.com',
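Review bot: The new `'LoadColumn' => 'EmailAddress'` entry is dropped into the sample IdP configuration with no explanatory comment, so an administrator cannot tell which values are accepted, that the value must also exist as a key in the IdP's `MetadataMap`, or that this column decides which RT account an IdP assertion is matched to. I would add a comment directly above the line, e.g. `# LoadColumn: RT::User column that the IdP claim named in MetadataMap->{LoadColumn} is matched against (default EmailAddress); pick only a column that is unique per user and not freely editable by the user`. The `Set(%OAuthIDPs, …)` structure this line belongs to starts before and continues after the hunk.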
diff --git a/lib/RT/Authen/OAuth2.pm b/lib/RT/Authen/OAuth2.pm
index a942e6e..46739ad 100644
--- a/lib/RT/Authen/OAuth2.pm
+++ b/lib/RT/Authen/OAuth2.pm
@@ -167,22 +167,23 @@ sub LogUserIn {
# Get the correct handler for the user's metadata, based on which IDP is in use
my $idp_handler = $idp_conf->{MetadataHandler};
my $metadata = $idp_handler->Metadata($response->decoded_content);
- my $email = $metadata->{ $idp_conf->{MetadataMap}->{EmailAddress} };
+ my $loadcol = $idp_conf->{LoadColumn} || 'EmailAddress';
+ my $name = $metadata->{ $idp_conf->{MetadataMap}->{$loadcol} };
# email is used to identify the user; bail out if we don't have one
- RT::Logger->info("OAuth2 server return content didn't include email, aborting. Request from $ip") unless $email;
- return (0, $generic_error) unless $email;
+ RT::Logger->info("OAuth2 server return content didn't include $loadcol, aborting. Request from $ip") unless $name;
+ return (0, $generic_error) unless $name;
my $user = RT::User->new( RT->SystemUser );
- $user->LoadByEmail($email);
+ $user->LoadByCol($loadcol, $name);
# TODO future feature: auto-vivify a user based on config option, if email matches regex
# TODO e.g., allow all people from mycompany.com to access RT automatically
- RT::Logger->info("OAuth2 user $email attempted login but no matching user found in RT. Request from $ip") unless $user->id;
+ RT::Logger->info("OAuth2 user $name attempted login but no matching user found in RT. Request from $ip") unless $user->id;
return(0, $generic_error) unless $user->id;
- RT::Logger->info("OAuth2 user $email is disabled in RT; aborting OAuth2 login. Request from $ip") if $user->PrincipalObj->Disabled;
+ RT::Logger->info("OAuth2 user $name is disabled in RT; aborting OAuth2 login. Request from $ip") if $user->PrincipalObj->Disabled;
return(0, $generic_error) if $user->PrincipalObj->Disabled;
# Populate any empty fields in the RT user profile from the OAuth server metadata
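Review bot: `$loadcol` on the `LoadByCol` line is passed straight from configuration without being checked against the columns that can safely identify an account, and nothing confirms that `MetadataMap` has an entry for it, so a misconfigured `LoadColumn` either resolves the user by an unintended column or yields an undef `$name` that the log line then misreports as the IdP omitting the claim. Assuming `LoadByCol` is a plain equality match on the named column, a column that is not unique per user or is user-editable would let the IdP-supplied value select the wrong RT account, which is an account-takeover risk rather than a mere lookup failure. I would validate right after the column is read, e.g. `my %allowed = map { $_ => 1 } qw(EmailAddress Name);` followed by `unless ($allowed{$loadcol} && defined $idp_conf->{MetadataMap}->{$loadcol}) { RT::Logger->error("OAuth2 LoadColumn '$loadcol' is not an allowed lookup column or has no MetadataMap entry. Request from $ip"); return (0, $generic_error); }`. The comment on the next line still says "email is used to identify the user"; it should now read `# $loadcol (EmailAddress by default) identifies the user; bail out if the IdP didn't supply that claim`. LogUserIn begins before and continues after this hunk.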
@@ -197,7 +198,7 @@ sub LogUserIn {
);
# Set up our session and return to the handler template element for the redirect
- RT::Logger->info("Successful OAuth2 login for $email from $ip");
+ RT::Logger->info("Successful OAuth2 login for $name from $ip");
RT::Interface::Web::InstantiateNewSession();
$session->{CurrentUser} = RT::CurrentUser->new($user);
return (1, "ok", $args->{state});
-----------------------------------------------------------------------