Merge pull request #2755 from owncloud/fix-basic-auth-with-custom-user-claim

fix basic auth with custom user claim
This commit is contained in:
Willy Kloucek
2021-11-15 14:04:06 +01:00
committed by GitHub
4 changed files with 19 additions and 1 deletions

View File

@@ -0,0 +1,7 @@
Bugfix: Fix basic auth with custom user claim
We've fixed authentication with basic if oCIS is configured to use a non-standard claim
as user claim (`PROXY_USER_OIDC_CLAIM`). Prior to this bugfix the authentication always
failed and is now working.
https://github.com/owncloud/ocis/pull/2755

View File

@@ -220,6 +220,8 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
middleware.EnableBasicAuth(cfg.EnableBasicAuth),
middleware.UserProvider(userProvider),
middleware.OIDCIss(cfg.OIDC.Issuer),
middleware.UserOIDCClaim(cfg.UserOIDCClaim),
middleware.UserCS3Claim(cfg.UserCS3Claim),
middleware.CredentialsByUserAgent(cfg.Reva.Middleware.Auth.CredentialsByUserAgent),
),
middleware.SignedURLAuth(

View File

@@ -126,6 +126,8 @@ func newBasicAuth(options Options) func(http.Handler) http.Handler {
EnableBasicAuth(options.EnableBasicAuth),
AccountsClient(options.AccountsClient),
OIDCIss(options.OIDCIss),
UserOIDCClaim(options.UserOIDCClaim),
UserCS3Claim(options.UserCS3Claim),
CredentialsByUserAgent(options.CredentialsByUserAgent),
)
}

View File

@@ -84,10 +84,17 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
// fake oidc claims
claims := map[string]interface{}{
oidc.OwncloudUUID: user.Id.OpaqueId,
oidc.Iss: user.Id.Idp,
oidc.PreferredUsername: user.Username,
oidc.Email: user.Mail,
oidc.OwncloudUUID: user.Id.OpaqueId,
}
if options.UserCS3Claim == "userid" {
// set the custom user claim only if users will be looked up by the userid on the CS3api
// OpaqueId contains the userid configured in STORAGE_LDAP_USER_SCHEMA_UID
claims[options.UserOIDCClaim] = user.Id.OpaqueId
}
next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims)))