teach/atsebay.t
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: teach:87b69753831695d42f4780a5a7cd28a55c45866b
Branches Tags
teach:master
teach:f/nb_participants_in_results
teach:f/picture-from-oidc
teach:svelte
..
compare: teach:1f00d504903ad1fd6e71a58f72ee709a19bc4376
Branches Tags
teach:master
teach:f/nb_participants_in_results
teach:f/picture-from-oidc
teach:svelte

2 Commits
87b6975383 ... 1f00d50490

Author SHA1 Message Date
Pierre-Olivier Mercier
1f00d50490 OIDC: Retrieve face pictures from claim
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-11-11 11:20:13 +01:00
Pierre-Olivier Mercier
a48bc1f1bc OIDC: Retrieve promotion from OIDC claims
All checks were successful
continuous-integration/drone/push Build is passing
Details
2022-11-11 11:14:43 +01:00
4 changed files with 54 additions and 20 deletions
Show Stats Expand all files Collapse all files

34
auth.go
View File

@ -77,31 +77,51 @@ func logout(c *gin.Context) {
c.JSON(http.StatusOK, true)
}
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, groups string, session *Session) (usr *User, err error) {
func completeAuth(c *gin.Context, username string, email string, firstname string, lastname string, promo uint, groups string, face_url string, session *Session) (usr *User, err error) {
if !userExists(username) {
if usr, err = NewUser(username, email, firstname, lastname, groups); err != nil {
if promo == 0 {
promo = currentPromo
}
if usr, err = NewUser(username, email, firstname, lastname, promo, groups); err != nil {
return
}
} else if usr, err = getUserByLogin(username); err != nil {
return
}
upd_user := false
// Update user's promo if it has changed
if promo != 0 && promo != usr.Promo {
usr.Promo = promo
upd_user = true
}
// Update user's group if they have been modified
if len(groups) > 0 {
if len(groups) > 255 {
groups = groups[:255]
}
if usr.Groups != groups {
usr.Groups = groups
usr.Update()
upd_user = true
}
}
if upd_user {
usr.Update()
}
if session == nil {
session, err = usr.NewSession()
} else {
_, err = session.SetUser(usr)
if err != nil {
return
}
}
if face_url != "" {
session.SetKey("picture", face_url)
}
_, err = session.SetUser(usr)
if err != nil {
return
}
@ -137,7 +157,7 @@ func dummyAuth(c *gin.Context) {
return
}
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], "", nil); err != nil {
if usr, err := completeAuth(c, lf["username"], lf["email"], lf["firstname"], lf["lastname"], currentPromo, "", "", nil); err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
return
} else {

2
auth_krb5.go
View File

@ -83,7 +83,7 @@ func checkAuthKrb5(c *gin.Context) {
return
}
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", "", nil); err != nil {
if usr, err := completeAuth(c, lf.Login, lf.Login+"@epita.fr", "", "", currentPromo, "", "", nil); err != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"errmsg": err.Error()})
return
} else {

32
auth_oidc.go
View File

@ -48,7 +48,7 @@ func initializeOIDC(router *gin.Engine) {
Endpoint: provider.Endpoint(),
// "openid" is a required scope for OpenID Connect flows.
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita"},
Scopes: []string{oidc.ScopeOpenID, "profile", "email", "epita", "picture"},
}
oidcConfig := oidc.Config{
@ -105,15 +105,20 @@ func OIDC_CRI_complete(c *gin.Context) {
}
var claims struct {
Firstname string `json:"given_name"`
Lastname string `json:"family_name"`
Nickname string `json:"nickname"`
Username string `json:"preferred_username"`
Email string `json:"email"`
Groups []map[string]interface{} `json:"groups"`
Firstname string `json:"given_name"`
Lastname string `json:"family_name"`
Username string `json:"preferred_username"`
Email string `json:"email"`
Groups []map[string]interface{} `json:"groups"`
Campuses []string `json:"campuses"`
GraduationYears []uint `json:"graduation_years"`
Picture string `json:"picture"`
PictureSquare string `json:"picture_square"`
PictureThumb string `json:"picture_thumb"`
}
if err := idToken.Claims(&claims); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
log.Println("Unable to extract claims to Claims:", err.Error())
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": "Something goes wrong when analyzing your claims. Contact administrator to fix the issue."})
return
}
@ -124,7 +129,16 @@ func OIDC_CRI_complete(c *gin.Context) {
}
}
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, groups, session); err != nil {
var promo uint
if len(claims.GraduationYears) > 0 {
for _, gy := range claims.GraduationYears {
if gy > promo {
promo = gy
}
}
}
if _, err := completeAuth(c, claims.Username, claims.Email, claims.Firstname, claims.Lastname, promo, groups, claims.PictureSquare, session); err != nil {
c.AbortWithStatusJSON(http.StatusInternalServerError, gin.H{"errmsg": err.Error()})
return
}

6
users.go
View File

@ -207,14 +207,14 @@ func userExists(login string) bool {
return err == nil && z == 1
}
func NewUser(login string, email string, firstname string, lastname string, groups string) (*User, error) {
func NewUser(login string, email string, firstname string, lastname string, promo uint, groups string) (*User, error) {
t := time.Now()
if res, err := DBExec("INSERT INTO users (login, email, firstname, lastname, time, promo, groups) VALUES (?, ?, ?, ?, ?, ?, ?)", login, email, firstname, lastname, t, currentPromo, groups); err != nil {
if res, err := DBExec("INSERT INTO users (login, email, firstname, lastname, time, promo, groups) VALUES (?, ?, ?, ?, ?, ?, ?)", login, email, firstname, lastname, t, promo, groups); err != nil {
return nil, err
} else if sid, err := res.LastInsertId(); err != nil {
return nil, err
} else {
return &User{sid, login, email, firstname, lastname, t, currentPromo, groups, false}, nil
return &User{sid, login, email, firstname, lastname, t, promo, groups, false}, nil
}
}