teach/atsebay.t
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Activity

OIDC: Retrieve face pictures from claim
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
nemunaire 2022-11-11 11:20:13 +01:00
parent a48bc1f1bc
commit 1f00d50490
3 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
auth.go
View File

@ -77,7 +77,7 @@ func logout(c *gin.Context) {
c.JSON(http.StatusOK, true) c.JSON(http.StatusOK, true)
} }
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, session *Session) (usr *User, err error) { func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, face_url string, session *Session) (usr *User, err error) {
if !userExists(username) { if !userExists(username) {
if promo == 0 { if promo == 0 {
promo = currentPromo promo = currentPromo
@ -114,10 +114,14 @@ func completeAuth(c *gin.Context, username string, email string, firstname strin
if session == nil { if session == nil {
session, err = usr.NewSession() session, err = usr.NewSession()
} else { if err != nil {
_, err = session.SetUser(usr) return
}
} }
if face_url != "" {
session.SetKey("picture", face_url)
}
_, err = session.SetUser(usr)
if err != nil { if err != nil {
return return
} }
@ -153,7 +157,7 @@ func dummyAuth(c *gin.Context) {
return return
} }
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", nil); err != nil { if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", "", nil); err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()}) c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
return return
} else { } else {

2
auth_krb5.go
View File

@ -83,7 +83,7 @@ func checkAuthKrb5(c *gin.Context) {
return return
} }
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", nil); err != nil { if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", "", nil); err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()}) c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
return return
} else { } else {

7
auth_oidc.go
View File

@ -48,7 +48,7 @@ func initializeOIDC(router *gin.Engine) {
Endpoint: provider.Endpoint(), Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows. // "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita"}, Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita", "picture"},
} }
oidcConfig := oidc.Config{ oidcConfig := oidc.Config{
@ -112,6 +112,9 @@ func OIDC_CRI_complete(c *gin.Context) {
Groups []map[string]interface{} `json:"groups"` Groups []map[string]interface{} `json:"groups"`
Campuses []string `json:"campuses"` Campuses []string `json:"campuses"`
GraduationYears []uint `json:"graduation_years"` GraduationYears []uint `json:"graduation_years"`
Picture string `json:"picture"`
PictureSquare string `json:"picture_square"`
PictureThumb string `json:"picture_thumb"`
} }
if err := idToken.Claims(&claims); err != nil { if err := idToken.Claims(&claims); err != nil {
log.Println("Unable to extract claims to Claims:", err.Error()) log.Println("Unable to extract claims to Claims:", err.Error())
@ -135,7 +138,7 @@ func OIDC_CRI_complete(c *gin.Context) {
} }
} }
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, session); err != nil { if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, claims.PictureSquare, session); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()}) c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return return
} }