From 6eae9b88dcc499d3366480ce194bc9e4b3591b29 Mon Sep 17 00:00:00 2001 From: Andrew Roberts Date: Sat, 6 Dec 2025 22:20:52 -0500 Subject: [PATCH] Configureable delimiter for remote auth groups (#1782) * add groups-delimiter (REMOTE_AUTH_GROUPS_DELIMITER) for parsing groups from a remote auth source * added doc --- .../com/adityachandel/booklore/config/AppProperties.java | 1 + .../booklore/service/user/UserProvisioningService.java | 5 +++-- booklore-api/src/main/resources/application.yaml | 1 + docs/forward-auth-with-proxy.md | 6 ++++++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java b/booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java index 0d075aac..3b196ec1 100644 --- a/booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java +++ b/booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java @@ -27,6 +27,7 @@ public class AppProperties { private String headerEmail; private String headerGroups; private String adminGroup; + private String groupsDelimiter = "\\s+"; // Default to whitespace for backward compatibility } @Getter diff --git a/booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java b/booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java index 325e4931..3a4a9655 100644 --- a/booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java +++ b/booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java @@ -25,7 +25,6 @@ import java.util.regex.Pattern; @AllArgsConstructor public class UserProvisioningService { - private static final Pattern WHITESPACE_PATTERN = Pattern.compile("\\s+"); private final AppProperties appProperties; private final UserRepository userRepository; private final LibraryRepository libraryRepository; 
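Review bot: The new `groupsDelimiter` field in `AppProperties` holds a regular expression, but its name and trailing comment read as if it were a literal separator, so an operator who sets it to `|` or `.` gets regex semantics instead of a split on that character. I would say so at the declaration, for example `// java.util.regex pattern used to split the groups header; default "\\s+" splits on runs of whitespace; escape literal separators that have a regex meaning`. The split result feeds the admin-group check in `UserProvisioningService`, so a misread setting changes who is treated as admin. The declaration of the enclosing class is outside this hunk.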
@@ -146,7 +145,9 @@ public class UserProvisioningService { if (groupsContent.length() >= 2 && groupsContent.charAt(0) == '[' && groupsContent.charAt(groupsContent.length() - 1) == ']') { groupsContent = groupsContent.substring(1, groupsContent.length() - 1); } - List groupsList = Arrays.asList(WHITESPACE_PATTERN.split(groupsContent)); + String delimiter = appProperties.getRemoteAuth().getGroupsDelimiter(); + Pattern groupsPattern = Pattern.compile(delimiter); + List groupsList = Arrays.asList(groupsPattern.split(groupsContent)); isAdmin = groupsList.contains(appProperties.getRemoteAuth().getAdminGroup()); log.debug("Remote-Auth: user {} will be admin: {}", username, isAdmin); } diff --git a/booklore-api/src/main/resources/application.yaml b/booklore-api/src/main/resources/application.yaml index 7a7e3e74..a923016e 100644 --- a/booklore-api/src/main/resources/application.yaml +++ b/booklore-api/src/main/resources/application.yaml @@ -12,6 +12,7 @@ app: header-email: ${REMOTE_AUTH_HEADER_EMAIL:Remote-Email} header-groups: ${REMOTE_AUTH_HEADER_GROUPS:Remote-Groups} admin-group: ${REMOTE_AUTH_ADMIN_GROUP} + groups-delimiter: ${REMOTE_AUTH_GROUPS_DELIMITER:\\s+} force-disable-oidc: ${FORCE_DISABLE_OIDC:false} server: diff --git a/docs/forward-auth-with-proxy.md b/docs/forward-auth-with-proxy.md index f0914afe..93af1b69 100644 --- a/docs/forward-auth-with-proxy.md +++ b/docs/forward-auth-with-proxy.md @@ -25,6 +25,11 @@ # Header names (your proxy will specify what header names to use) # Admin group name (optional) REMOTE_AUTH_ADMIN_GROUP=admin # Specify this if you want a group to automatically get admin rights + +# Groups delimiter pattern (optional) +REMOTE_AUTH_GROUPS_DELIMITER=\\s+ # Regex pattern for splitting groups. Default: "\\s+" (whitespace) + # Use "\\s*,\\s*" for comma-separated groups + # Use "\\s*;\\s*" for semicolon-separated groups ``` ### Docker Compose Example 
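Review bot: `Pattern.compile(delimiter)` now runs on every call with a value taken straight from configuration, so a malformed `REMOTE_AUTH_GROUPS_DELIMITER` surfaces as a `PatternSyntaxException` while a user is being provisioned rather than as a startup error, and a null value would throw a `NullPointerException` at the same point. Compiling the pattern once when the properties are bound, and failing startup on an invalid value, would restore what the removed `WHITESPACE_PATTERN` constant gave and keep the failure out of request handling. Since `groupsList.contains(...)` decides `isAdmin`, a delimiter that can match inside a group name produces fragments that are compared with the admin group, so I would also drop empty tokens and document that the delimiter must not occur in group names. The enclosing method begins and ends outside this hunk.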
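Review bot: The default in `groups-delimiter: ${REMOTE_AUTH_GROUPS_DELIMITER:\\s+}` is written with two backslashes, but this is a plain (unquoted) YAML scalar, where backslashes are not escape characters, so the value handed to `Pattern.compile` is probably the regex `\\s+` (a literal backslash followed by one or more `s`) rather than whitespace. If that is what happens, a header such as `admin users` is no longer split and the admin group stops matching for users with more than one group, which breaks the backward compatibility the Java default promises. I would write `groups-delimiter: ${REMOTE_AUTH_GROUPS_DELIMITER:\s+}` and add a test that binds the property and splits a two-group header. The same doubled form appears in the `docs/forward-auth-with-proxy.md` hunks of this commit (`\\s+`, `\\s*,\\s*`, `\\s*;\\s*`), where an environment value is presumably taken literally as well.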
@@ -42,6 +47,7 @@ ### Docker Compose Example - REMOTE_AUTH_HEADER_EMAIL=Remote-Email - REMOTE_AUTH_HEADER_GROUPS=Remote-Groups - REMOTE_AUTH_ADMIN_GROUP=admin + # - REMOTE_AUTH_GROUPS_DELIMITER=\\s*,\\s* # Uncomment if your proxy sends comma-separated groups # ... rest of configuration ... ```