Username from /userinfo (#14038)
This patch enables Harbor to receive the username from the /userinfo endpoint instead of only from the ID Token. Closes #14037 Signed-off-by: Sven Haardiek <sven@haardiek.de>
parent
f013d88efc
commit
b2fe254974
@ -264,6 +264,10 @@ func UserInfoFromToken(ctx context.Context, token *Token) (*UserInfo, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
log.Warningf("Failed to get userInfo by calling remote userinfo endpoint, error: %v ", err)
|
log.Warningf("Failed to get userInfo by calling remote userinfo endpoint, error: %v ", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if setting.UserClaim != "" && local.Username == "" && remote.Username == "" {
|
||||||
|
return nil, fmt.Errorf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", setting.UserClaim)
|
||||||
|
}
|
||||||
if remote != nil && local != nil {
|
if remote != nil && local != nil {
|
||||||
if remote.Subject != local.Subject {
|
if remote.Subject != local.Subject {
|
||||||
return nil, fmt.Errorf("the subject from userinfo: %s does not match the subject from ID token: %s, probably a security attack happened", remote.Subject, local.Subject)
|
return nil, fmt.Errorf("the subject from userinfo: %s does not match the subject from ID token: %s, probably a security attack happened", remote.Subject, local.Subject)
|
||||||
@ -338,11 +342,11 @@ func userInfoFromClaims(c claimsProvider, setting models.OIDCSetting) (*UserInfo
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
username, ok := allClaims[setting.UserClaim].(string)
|
if username, ok := allClaims[setting.UserClaim].(string); ok {
|
||||||
if !ok {
|
res.Username = username
|
||||||
return nil, fmt.Errorf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", setting.UserClaim)
|
} else {
|
||||||
|
log.Warningf("OIDC. Failed to recover Username from claim. Claim '%s' is invalid or not a string", setting.UserClaim)
|
||||||
}
|
}
|
||||||
res.Username = username
|
|
||||||
}
|
}
|
||||||
res.Groups, res.hasGroupClaim = groupsFromClaims(c, setting.GroupsClaim)
|
res.Groups, res.hasGroupClaim = groupsFromClaims(c, setting.GroupsClaim)
|
||||||
if len(setting.AdminGroup) > 0 {
|
if len(setting.AdminGroup) > 0 {
|
||||||
|
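Review bot: The added username check in UserInfoFromToken reads `local.Username` and `remote.Username` before the existing `remote != nil && local != nil` guard that follows it, so it can dereference a nil pointer. The preceding lines only log a warning when the userinfo call fails, which suggests `remote` is nil on that path; if so, a failing or unreachable userinfo endpoint would panic the OIDC login path instead of returning an error. Guard both sides, e.g. `if setting.UserClaim != "" && (local == nil || local.Username == "") && (remote == nil || remote.Username == "") {`. Because the second hunk downgrades the missing-claim error in userInfoFromClaims to a warning, any other caller of that function now gets an empty Username without an error and should be checked; both function bodies continue outside the hunks shown.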