Configureable delimiter for remote auth groups (#1782)

* add groups-delimiter (REMOTE_AUTH_GROUPS_DELIMITER) for parsing groups from a remote auth source * added doc
2025-12-23 22:28:11 -05:00 · 2025-12-06 22:20:52 -05:00
parent 21e53e1609
commit 6eae9b88dc
4 changed files with 11 additions and 2 deletions
--- a/booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java
+++ b/booklore-api/src/main/java/com/adityachandel/booklore/config/AppProperties.java
@@ -27,6 +27,7 @@ public class AppProperties {
        private String headerEmail;
        private String headerGroups;
        private String adminGroup;
+        private String groupsDelimiter = "\\s+";  // Default to whitespace for backward compatibility
    }

    @Getter
--- a/booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java
+++ b/booklore-api/src/main/java/com/adityachandel/booklore/service/user/UserProvisioningService.java
@@ -25,7 +25,6 @@ import java.util.regex.Pattern;
@AllArgsConstructor
 public class UserProvisioningService {

-    private static final Pattern WHITESPACE_PATTERN = Pattern.compile("\\s+");
    private final AppProperties appProperties;
    private final UserRepository userRepository;
    private final LibraryRepository libraryRepository;
@@ -146,7 +145,9 @@ public class UserProvisioningService {
            if (groupsContent.length() >= 2 && groupsContent.charAt(0) == '[' && groupsContent.charAt(groupsContent.length() - 1) == ']') {
                groupsContent = groupsContent.substring(1, groupsContent.length() - 1);
            }
-            List<String> groupsList = Arrays.asList(WHITESPACE_PATTERN.split(groupsContent));
+            String delimiter = appProperties.getRemoteAuth().getGroupsDelimiter();
+            Pattern groupsPattern = Pattern.compile(delimiter);
+            List<String> groupsList = Arrays.asList(groupsPattern.split(groupsContent));
            isAdmin = groupsList.contains(appProperties.getRemoteAuth().getAdminGroup());
            log.debug("Remote-Auth: user {} will be admin: {}", username, isAdmin);
        }
--- a/booklore-api/src/main/resources/application.yaml
+++ b/booklore-api/src/main/resources/application.yaml
@@ -12,6 +12,7 @@ app:
    header-email: ${REMOTE_AUTH_HEADER_EMAIL:Remote-Email}
    header-groups: ${REMOTE_AUTH_HEADER_GROUPS:Remote-Groups}
    admin-group: ${REMOTE_AUTH_ADMIN_GROUP}
+    groups-delimiter: ${REMOTE_AUTH_GROUPS_DELIMITER:\\s+}
  force-disable-oidc: ${FORCE_DISABLE_OIDC:false}

 server:
--- a/docs/forward-auth-with-proxy.md
+++ b/docs/forward-auth-with-proxy.md
@@ -25,6 +25,11 @@ # Header names (your proxy will specify what header names to use)

 # Admin group name (optional)
 REMOTE_AUTH_ADMIN_GROUP=admin              # Specify this if you want a group to automatically get admin rights
+
+# Groups delimiter pattern (optional)
+REMOTE_AUTH_GROUPS_DELIMITER=\\s+          # Regex pattern for splitting groups. Default: "\\s+" (whitespace)
+                                           # Use "\\s*,\\s*" for comma-separated groups
+                                           # Use "\\s*;\\s*" for semicolon-separated groups
 ```

 ### Docker Compose Example
@@ -42,6 +47,7 @@ ### Docker Compose Example
      - REMOTE_AUTH_HEADER_EMAIL=Remote-Email
      - REMOTE_AUTH_HEADER_GROUPS=Remote-Groups
      - REMOTE_AUTH_ADMIN_GROUP=admin
+      # - REMOTE_AUTH_GROUPS_DELIMITER=\\s*,\\s*  # Uncomment if your proxy sends comma-separated groups
    # ... rest of configuration ...
 ```