From 57037a4fa94a6c9b94354061d571d46284cd9de4 Mon Sep 17 00:00:00 2001
From: Vlad Safronov
Date: Mon, 25 Oct 2021 21:42:05 +0300
Subject: [PATCH 1/2] skymarshal: behaviour: Handle groups as maps

There are cases when groups are represented as a list of maps, not strings e.g. "groups":[{"id":"1", "name":"gr1"},{"id": "2", "name":"gr2"}]. Handle groups represented as a list of maps. concourse/dex#23
Signed-off-by: Vlad Safronov
---
 connector/oauth/oauth.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go
index ea91a8469f..23b70247f1 100644
--- a/connector/oauth/oauth.go
+++ b/connector/oauth/oauth.go
@@ -249,6 +249,9 @@ func (c *oauthConnector) addGroupsFromMap(groups map[string]bool, result map[str
 if groupString, ok := group.(string); ok {
 groups[groupString] = true
 }
+ if groupMap, ok := group.(map[string]interface{}); ok {
+ groups[groupMap["name"]] = true
+ }
 }
 
 return nil

From 230fb2dcf2d66a8dfbf40b5a8a178e72489c17d8 Mon Sep 17 00:00:00 2001
From: Vlad Safronov
Date: Wed, 3 Nov 2021 22:41:29 +0300
Subject: [PATCH 2/2] Add a test case

Signed-off-by: Vlad Safronov
---
 connector/oauth/oauth.go | 4 +++-
 connector/oauth/oauth_test.go | 36 +++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go
index 23b70247f1..378f04d626 100644
--- a/connector/oauth/oauth.go
+++ b/connector/oauth/oauth.go
@@ -250,7 +250,9 @@ func (c *oauthConnector) addGroupsFromMap(groups map[string]bool, result map[str
 groups[groupString] = true
 }
 if groupMap, ok := group.(map[string]interface{}); ok {
- groups[groupMap["name"]] = true
+ if groupName, ok := groupMap["name"].(string); ok {
+ groups[groupName] = true
+ }
 }
 }
 
diff --git a/connector/oauth/oauth_test.go b/connector/oauth/oauth_test.go
index 077dcc9987..a6bd544767 100644
--- a/connector/oauth/oauth_test.go
+++ b/connector/oauth/oauth_test.go
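Review bot: In PATCH 1/2, `groups[groupMap["name"]] = true` indexes `groups`, a `map[string]bool` per the signature in the hunk header, with an `interface{}` value, which the Go compiler rejects. The type assertion that makes it compile only arrives in PATCH 2/2, so this commit on its own does not build and breaks bisecting; fold the `groupMap["name"].(string)` assertion into this commit. addGroupsFromMap starts and ends outside the hunk.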
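Review bot: In the PATCH 2/2 hunk of oauth.go, the map branch accepts any string under the hard-coded `name` key, including `""`, so a constructed entry such as `{"id":"1","name":""}` would add an empty group to `groups`. These values presumably feed authorization decisions downstream, so tighten the guard to `if groupName, ok := groupMap["name"].(string); ok && groupName != "" {`. The `id` in the same object is ignored, so a comment should state that the provider's group `name` has to be unique and not user-editable; whether that holds depends on the identity provider. Entries without a string `name` are dropped silently, which fails closed but is hard to diagnose without a log line. addGroupsFromMap starts and ends outside the hunk.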
@@ -100,6 +100,42 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
 assert.Equal(t, identity.EmailVerified, false)
 }
 
+func TestHandleCallBackForGroupMapsInUserInfo(t *testing.T) {
+ tokenClaims := map[string]interface{}{}
+
+ userInfoClaims := map[string]interface{}{
+ "name": "test-name",
+ "user_id_key": "test-user-id",
+ "user_name_key": "test-username",
+ "preferred_username": "test-preferred-username",
+ "mail": "mod_mail",
+ "has_verified_email": false,
+ "groups_key": []interface{}{
+ map[string]string{"name": "admin-group", "id": "111"},
+ map[string]string{"name": "user-group", "id": "222"},
+ },
+ }
+
+ testServer := testSetup(t, tokenClaims, userInfoClaims)
+ defer testServer.Close()
+
+ conn := newConnector(t, testServer.URL)
+ req := newRequestWithAuthCode(t, testServer.URL, "some-code")
+
+ identity, err := conn.HandleCallback(connector.Scopes{Groups: true}, req)
+ assert.Equal(t, err, nil)
+
+ sort.Strings(identity.Groups)
+ assert.Equal(t, len(identity.Groups), 2)
+ assert.Equal(t, identity.Groups[0], "admin-group")
+ assert.Equal(t, identity.Groups[1], "user-group")
+ assert.Equal(t, identity.UserID, "test-user-id")
+ assert.Equal(t, identity.Username, "test-username")
+ assert.Equal(t, identity.PreferredUsername, "test-preferred-username")
+ assert.Equal(t, identity.Email, "mod_mail")
+ assert.Equal(t, identity.EmailVerified, false)
+}
+
 func TestHandleCallBackForGroupsInToken(t *testing.T) {
 tokenClaims := map[string]interface{}{
 "groups_key": []string{"test-group"},
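Review bot: TestHandleCallBackForGroupMapsInUserInfo feeds only well-formed entries, so the path where a map has no string `name` is never exercised. Since group membership is presumably used for authorization, add constructed malformed entries to `groups_key`, for example `map[string]string{"id": "333"},` and `map[string]interface{}{"name": 42},`, and keep `assert.Equal(t, len(identity.Groups), 2)` to pin that they produce no group. Separately, `assert.Equal` does not stop the test, so if fewer than two groups come back the following `identity.Groups[0]` index panics instead of failing cleanly; wrapping the index assertions in `if assert.Equal(t, len(identity.Groups), 2) {` avoids that.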