openid: allow arbitrary username-claims

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht 2021-11-18 14:24:24 +01:00
parent 6f643e7953
commit 271bbc10e9
2 changed files with 7 additions and 11 deletions


@ -165,22 +165,19 @@ __PACKAGE__->register_method ({
my $info = $openid->verify_authorization_code($param->{code}, $private_auth_state);
my $subject = $info->{'sub'};
die "missing openid claim 'sub'\n" if !defined($subject);
my $unique_name = $subject; # default
my $unique_name;
if (defined(my $user_attr = $config->{'username-claim'})) {
if ($user_attr eq 'subject') {
if (defined($info->{$user_attr})) {
$unique_name = $info->{$user_attr};
} elsif ($user_attr eq 'subject') { # stay compat with old versions
$unique_name = $subject;
} elsif ($user_attr eq 'username') {
} elsif ($user_attr eq 'username') { # stay compat with old versions
my $username = $info->{'preferred_username'};
die "missing claim 'preferred_username'\n" if !defined($username);
$unique_name = $username;
} elsif ($user_attr eq 'email') {
my $email = $info->{'email'};
die "missing claim 'email'\n" if !defined($email);
$unique_name = $email;
} else {
die "got unexpected value for 'username-claim': '${user_attr}'\n";
# neither the attr nor fallback are defined in info..
die "missing configured claim '$user_attr'\n";
}
}
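Review bot: The new first branch `if (defined($info->{$user_attr}))` uses whatever the identity provider returned under a free-form claim name as the login name, and nothing in the hunk checks that the value is a plain, non-empty string; a claim that arrives as a list or object would be stringified into the username. A guard after the block such as `die "claim '$user_attr' is not a plain string\n" if ref($unique_name) || !length($unique_name);` would close that, unless code after the hunk already validates the name. If `my $unique_name;` is the new-side declaration, the name also stays undefined when no 'username-claim' is configured, so the old default needs restoring, for example `$unique_name //= $subject;` after the outer block. Because the generic lookup runs before the two compat branches, an existing 'username' or 'subject' setting silently switches to a provider claim of that literal name when one is present, which changes the account mapping on upgrade. The enclosing method starts and ends outside the hunk.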


@ -40,7 +40,6 @@ sub properties {
"username-claim" => {
description => "OpenID claim used to generate the unique username.",
type => 'string',
enum => ['subject', 'username', 'email'],
optional => 1,
},
};
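Review bot: Dropping the enum leaves 'username-claim' as an unconstrained `type => 'string'`, so any text reaches the claim lookup and the error message in the login path. A schema constraint would keep the value claim-shaped, for example `pattern => qr/^[a-zA-Z0-9._:-]+$/,` together with a `maxLength`. The description should also tell administrators that the chosen claim must be unique per user and not editable by the user at the provider, because its value becomes the account name. The properties sub starts outside the hunk.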