From 1f00d504903ad1fd6e71a58f72ee709a19bc4376 Mon Sep 17 00:00:00 2001
From: Pierre-Olivier Mercier
Date: Fri, 11 Nov 2022 11:20:13 +0100
Subject: [PATCH] OIDC: Retrieve face pictures from claim

---
 auth.go | 14 +++++++++-----
 auth_krb5.go | 2 +-
 auth_oidc.go | 7 +++++--
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/auth.go b/auth.go
index a05ea0d..8e6adb5 100644
--- a/auth.go
+++ b/auth.go
@@ -77,7 +77,7 @@ func logout(c *gin.Context) {
 c.JSON(http.StatusOK, true)
 }
 
-func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, session *Session) (usr *User, err error) {
+func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, face_url string, session *Session) (usr *User, err error) {
 if !userExists(username) {
 if promo == 0 {
 promo = currentPromo
@@ -114,10 +114,14 @@ func completeAuth(c *gin.Context, username string, email string, firstname strin
 
 if session == nil {
 session, err = usr.NewSession()
- } else {
- _, err = session.SetUser(usr)
+ if err != nil {
+ return
+ }
 }
-
+ if face_url != "" {
+ session.SetKey("picture", face_url)
+ }
+ _, err = session.SetUser(usr)
 if err != nil {
 return
 }
@@ -153,7 +157,7 @@ func dummyAuth(c *gin.Context) {
 return
 }
 
- if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", nil); err != nil {
+ if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", "", nil); err != nil {
 c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
 return
 } else {
diff --git a/auth_krb5.go b/auth_krb5.go
index dda6374..55bdc68 100644
--- a/auth_krb5.go
+++ b/auth_krb5.go
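Review bot: The new `face_url` parameter is undocumented and uses snake_case, which is not Go style; `completeAuth` now takes nine positional arguments, three of them strings that several callers pass as `""`, so a doc comment is needed to say which one is the picture URL and that empty means "no picture". Rename it `faceURL` and add above the signature something like `// completeAuth finishes a login for username: it handles first-time users, binds the user to session (a fresh one when nil) and, when faceURL is non-empty, records it under the session key "picture".` The function's body continues past the hunk.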
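Review bot: `face_url` is written into the session verbatim at `session.SetKey("picture", face_url)` with no check on its contents; it comes from an ID-token claim (see the OIDC caller), and if it is later emitted as an image `src` a non-http(s) value such as `javascript:` or `data:` would be handed straight to the browser. Parse it and keep only well-formed https/http URLs, e.g. `if u, err := url.Parse(face_url); err == nil && (u.Scheme == "https" || u.Scheme == "http") { session.SetKey("picture", face_url) }` (this needs `net/url` imported). Whatever `SetKey` returns is also discarded; if it can fail, check it the way `SetUser` is checked on the next lines. completeAuth's body continues outside the hunk.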
@@ -83,7 +83,7 @@ func checkAuthKrb5(c *gin.Context) {
 return
 }
 
- if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", nil); err != nil {
+ if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", "", nil); err != nil {
 c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
 return
 } else {
diff --git a/auth_oidc.go b/auth_oidc.go
index 6e56990..553baae 100644
--- a/auth_oidc.go
+++ b/auth_oidc.go
@@ -48,7 +48,7 @@ func initializeOIDC(router *gin.Engine) {
 Endpoint: provider.Endpoint(),
 
 // "openid" is a required scope for OpenID Connect flows.
- Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita"},
+ Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita", "picture"},
 }
 
 oidcConfig := oidc.Config{
@@ -112,6 +112,9 @@ func OIDC_CRI_complete(c *gin.Context) {
 Groups []map[string]interface{} `json:"groups"`
 Campuses []string `json:"campuses"`
 GraduationYears []uint `json:"graduation_years"`
+ Picture string `json:"picture"`
+ PictureSquare string `json:"picture_square"`
+ PictureThumb string `json:"picture_thumb"`
 }
 if err := idToken.Claims(&claims); err != nil {
 log.Println("Unable to extract claims to Claims:", err.Error())
@@ -135,7 +138,7 @@ func OIDC_CRI_complete(c *gin.Context) {
 }
 }
 
- if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, session); err != nil {
+ if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, claims.PictureSquare, session); err != nil {
 c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
 return
 }
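Review bot: `"picture"` is requested as a scope, but in standard OpenID Connect `picture` is a claim delivered under the `profile` scope that is already in the list, not a scope of its own; unless the EPITA provider defines a custom `picture` scope, the value is either ignored or rejected with `invalid_scope`, so it is worth checking the provider's discovery document (`scopes_supported`) before keeping it. If the provider does need it, a one-line comment next to the existing one, such as `// "picture" is provider-specific and exposes the picture_* claims.`, would record why a non-standard scope is requested. The surrounding `oauth2.Config` literal starts before the hunk.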
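Review bot: `Picture` and `PictureThumb` are decoded but never read — only `claims.PictureSquare` is passed on in the last hunk of this file — so they are dead fields unless another use is planned; drop them or add a comment saying why they are retained. All three values are URLs taken straight from the token and forwarded with no check of scheme or host; even though `idToken` is presumably verified before `idToken.Claims` runs (the verification is outside the hunk), the URL ends up rendered by the browser, so restricting it to `https` at this boundary is cheap and keeps the trust decision in one place. An absent claim leaves `PictureSquare` empty, which the callee already tolerates through its `face_url != ""` test. `OIDC_CRI_complete` starts and ends outside the hunk.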