OIDC: Retrieve face pictures from claim
parent
a48bc1f1bc
commit
1f00d50490
14
auth.go
14
auth.go
@ -77,7 +77,7 @@ func logout(c *gin.Context) {
|
||||
c.JSON(http.StatusOK, true)
|
||||
}
|
||||
|
||||
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, session *Session) (usr *User, err error) {
|
||||
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, face_url string, session *Session) (usr *User, err error) {
|
||||
if !userExists(username) {
|
||||
if promo == 0 {
|
||||
promo = currentPromo
|
||||
@ -114,10 +114,14 @@ func completeAuth(c *gin.Context, username string, email string, firstname strin
|
||||
|
||||
if session == nil {
|
||||
session, err = usr.NewSession()
|
||||
} else {
|
||||
_, err = session.SetUser(usr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
}
|
||||
if face_url != "" {
|
||||
session.SetKey("picture", face_url)
|
||||
}
|
||||
_, err = session.SetUser(usr)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
@ -153,7 +157,7 @@ func dummyAuth(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", nil); err != nil {
|
||||
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", "", nil); err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
} else {
|
||||
|
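Review bot: `face_url` is written to the session by `session.SetKey("picture", face_url)` after only an empty-string check, so whatever string arrives in the picture claim (passed as `claims.PictureSquare` from `OIDC_CRI_complete`) is stored as-is. How the "picture" key is consumed is not visible here; if it is later rendered as an image source or fetched by the server, a non-https or unexpected-host value would pass straight through. Consider tightening the guard to `if u, perr := url.Parse(face_url); perr == nil && u.Scheme == "https" && u.Host != "" {` (needs `net/url`), optionally with an allowlist for the provider's picture host. The result of `SetKey` is also discarded; if it returns an error, it should be checked the same way as `SetUser`'s. completeAuth's body extends beyond the hunks shown.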
@ -83,7 +83,7 @@ func checkAuthKrb5(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", nil); err != nil {
|
||||
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", "", nil); err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
} else {
|
||||
|
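Review bot: The updated call `completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", "", nil)` now passes four anonymous empty strings among nine positional arguments, and nothing at the call site says which one is `groups` and which is `face_url`. Because they are all `string`, a transposition compiles silently; the same applies to the `dummyAuth` call in auth.go. Consider labelling the arguments inline, e.g. `currentPromo, "" /* groups */, "" /* face_url */, nil`, or grouping the profile fields in a struct passed to `completeAuth`. checkAuthKrb5 starts and ends outside the hunk.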
@ -48,7 +48,7 @@ func initializeOIDC(router *gin.Engine) {
|
||||
Endpoint: provider.Endpoint(),
|
||||
|
||||
// "openid" is a required scope for OpenID Connect flows.
|
||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita"},
|
||||
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita", "picture"},
|
||||
}
|
||||
|
||||
oidcConfig := oidc.Config{
|
||||
@ -112,6 +112,9 @@ func OIDC_CRI_complete(c *gin.Context) {
|
||||
Groups []map[string]interface{} `json:"groups"`
|
||||
Campuses []string `json:"campuses"`
|
||||
GraduationYears []uint `json:"graduation_years"`
|
||||
Picture string `json:"picture"`
|
||||
PictureSquare string `json:"picture_square"`
|
||||
PictureThumb string `json:"picture_thumb"`
|
||||
}
|
||||
if err := idToken.Claims(&claims); err != nil {
|
||||
log.Println("Unable to extract claims to Claims:", err.Error())
|
||||
@ -135,7 +138,7 @@ func OIDC_CRI_complete(c *gin.Context) {
|
||||
}
|
||||
}
|
||||
|
||||
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, session); err != nil {
|
||||
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, claims.PictureSquare, session); err != nil {
|
||||
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
|
||||
return
|
||||
}
|
||||
|
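Review bot: The claims struct now decodes `Picture`, `PictureSquare` and `PictureThumb`, but in the lines shown only `claims.PictureSquare` is read. Unless the other two are used outside these hunks, drop them so the handler keeps only the profile data it needs. The comment above `Scopes` still documents only "openid"; a line such as `// "picture" is a provider-specific scope that exposes the picture* claims.` would explain why the extra scope is requested, with the wording to be confirmed against the provider's documentation. Both initializeOIDC and OIDC_CRI_complete continue outside the hunks.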