[Bps-public-commit] rt-authen-oauth2 branch, auth0, repushed
? sunnavy
sunnavy at bestpractical.com
Thu Mar 22 13:36:25 EDT 2018
The branch auth0 was deleted and repushed:
was 9ad80d9dbe1a882ef8ff3b9ebbb8cbec9cedba66
now 73ccfc57ad44e09204f37274a70420f85beb3270
1: 0845551 = 1: 467f013 Add IDP config for auth0
2: fc007ef ! 2: 3aba95f Add support for autocreating users on oauth2 login.
@@ -46,42 +46,40 @@
--- a/lib/RT/Authen/OAuth2.pm
+++ b/lib/RT/Authen/OAuth2.pm
@@
- RT::Logger->info("OAuth2 server return content didn't include email, aborting. Request from $ip") unless $email;
- return (0, $generic_error) unless $email;
+ RT::Logger->info("OAuth2 server return content didn't include $loadcol, aborting. Request from $ip") unless $name;
+ return (0, $generic_error) unless $name;
+ if ( $idp_conf->{MetadataMap}->{VerifiedEmail} && !$metadata->{ $idp_conf->{MetadataMap}->{VerifiedEmail} } ) {
-+ RT::Logger->info( "Email $email not verified." );
-+ return ( 0, RT->SystemUser->loc( "Email [_1] not verified.", $email ) );
++ RT::Logger->info( "Email $name not verified." );
++ return ( 0, RT->SystemUser->loc( "Email [_1] not verified.", $name ) );
+ }
+
my $user = RT::User->new( RT->SystemUser );
- $user->LoadByEmail($email);
+ $user->LoadByCol($loadcol, $name);
- # TODO future feature: auto-vivify a user based on config option, if email matches regex
+ # TODO future feature: add an option to auto-vivify only if email matches regex
# TODO e.g., allow all people from mycompany.com to access RT automatically
- RT::Logger->info("OAuth2 user $email attempted login but no matching user found in RT. Request from $ip") unless $user->id;
+ RT::Logger->info("OAuth2 user $name attempted login but no matching user found in RT. Request from $ip") unless $user->id;
+ if (RT->Config->Get('OAuthCreateNewUser') and not $user->id) {
+ my $additional = RT->Config->Get('OAuthNewUserOptions') || { Privileged => 1 };
+ my $newuser = RT::User->new( $RT::SystemUser );
-+ my $name = $metadata->{ $idp_conf->{MetadataMap}->{RealName} };
-+ RT::Logger->info("Attempting to create account for $name <$email>");
-+ # TODO: Allow using 'nickname' as account name. Requires
-+ # testing for existence and fallback to email.
-+ my ($id, $msg) = $newuser->Create(
++ RT::Logger->info("Attempting to create account for $name");
++ my ( $id, $msg ) = $newuser->Create(
+ %$additional,
-+ Name => $email,
-+ RealName => $name,
-+ EmailAddress => $email,
++ Name => $name,
++ map { $_ => $metadata->{ $idp_conf->{MetadataMap}->{$_} } }
++ grep { $metadata->{ $idp_conf->{MetadataMap}->{$_} } }
++ qw(RealName NickName Organization Lang EmailAddress),
+ );
+ unless ($id) {
-+ RT::Logger->info("Error $msg creating account for $name <$email>");
++ RT::Logger->info("Error $msg creating account for $name");
+ return (0, $generic_error);
+ }
+ $user = $newuser;
+ }
return(0, $generic_error) unless $user->id;
- RT::Logger->info("OAuth2 user $email is disabled in RT; aborting OAuth2 login. Request from $ip") if $user->PrincipalObj->Disabled;
+ RT::Logger->info("OAuth2 user $name is disabled in RT; aborting OAuth2 login. Request from $ip") if $user->PrincipalObj->Disabled;
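Review bot: The fallback `{ Privileged => 1 }` in the auto-create branch makes every account created on first OAuth2 login a privileged RT user whenever `OAuthNewUserOptions` is unset, and the verified-email check above it only runs when the IDP's `MetadataMap` defines `VerifiedEmail`. With `OAuthCreateNewUser` enabled and an IDP config that lacks that mapping, any identity the provider returns would, as far as this hunk shows, get a privileged account without the address ever being confirmed. I would default to least privilege, `my $additional = RT->Config->Get('OAuthNewUserOptions') || { Privileged => 0 };`, and document next to `OAuthCreateNewUser` that auto-creation should be paired with a `VerifiedEmail` mapping. Separately, the `Email $name not verified.` log and user-facing message now print the `$loadcol` value, which may not be an email address, so the wording should name the column instead. The enclosing sub starts and ends outside the hunk.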
3: 9ad80d9 = 3: 73ccfc5 Add logout support.