Add parsing claims

2020-10-25 19:53:56 +01:00 · 2020-10-25 19:53:56 +01:00 · 52d9c25125
parent 05e4bfdca0
commit 52d9c25125
4 changed files with 27 additions and 18 deletions
--- a/config.yml.sample
+++ b/config.yml.sample
@ -233,6 +233,7 @@ auth:
    # A list of enabled providers
    providers:
        # The name of the provider as it will appear in the frontend.
+        # **If you change this after users already authenticated with this provider, users will loose access to their accounts!**
      - name:
        # The auth url to send users to if they want to authenticate using OpenID Connect.
        authurl:
--- a/pkg/modules/auth/openid/openid.go
+++ b/pkg/modules/auth/openid/openid.go
@ -17,6 +17,7 @@
 package openid

 import (
+	apiv1 "code.vikunja.io/api/pkg/routes/api/v1"
 	"context"
 	"encoding/json"
 	"net/http"
@ -48,6 +49,12 @@ type Provider struct {
 	Oauth2Config   *oauth2.Config `json:"-"`
 }

+type claims struct {
+	Email             string `json:"email"`
+	Name              string `json:"name"`
+	PreferredUsername string `json:"preferred_username"`
+}
+
 func getKeyFromName(name string) string {
 	reg, _ := regexp.Compile("[^a-z0-9]+")
 	return reg.ReplaceAllString(strings.ToLower(name), "")
@ -167,27 +174,24 @@ func HandleCallback(c echo.Context) error {
 	// Parse and verify ID Token payload.
 	idToken, err := verifier.Verify(context.Background(), rawIDToken)
 	if err != nil {
-		log.Error(err)
 		return err
 	}

 	// Extract custom claims
-	var claims struct {
-		Email    string `json:"email"`
-		Verified bool   `json:"email_verified"`
-	}
-	if err := idToken.Claims(&claims); err != nil {
-		log.Error(err)
+	cl := &claims{}
+	err = idToken.Claims(cl)
+	if err != nil {
 		return err
 	}

-	// Get the userinfo
-
 	// Check if we have seen this user before
+	u, err := getOrCreateUser(cl, idToken.Issuer, idToken.Subject)
+	if err != nil {
+		return err
+	}

-	// Log them in
-
-	return nil
+	// Create token
+	return apiv1.NewUserAuthTokenResponse(u, c)
 }

 func getOrCreateUser() (u *user.User, err error) {
--- a/pkg/routes/api/v1/auth.go
+++ b/pkg/routes/api/v1/auth.go
@ -35,6 +35,15 @@ const (
 	AuthTypeLinkShare
 )

+func NewUserAuthTokenResponse(u *user.User, c echo.Context) error {
+	t, err := NewUserJWTAuthtoken(u)
+	if err != nil {
+		return err
+	}
+
+	return c.JSON(http.StatusOK, Token{Token: t})
+}
+
 // NewUserJWTAuthtoken generates and signes a new jwt token for a user. This is a global function to be able to call it from integration tests.
 func NewUserJWTAuthtoken(user *user.User) (token string, err error) {
 	t := jwt.New(jwt.SigningMethodHS256)
--- a/pkg/routes/api/v1/login.go
+++ b/pkg/routes/api/v1/login.go
@ -114,10 +114,5 @@ func RenewToken(c echo.Context) (err error) {
 	}

 	// Create token
-	t, err := NewUserJWTAuthtoken(user)
-	if err != nil {
-		return err
-	}
-
-	return c.JSON(http.StatusOK, Token{Token: t})
+	return NewUserAuthTokenResponse(user, c)
 }