mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-07-18 03:24:01 -04:00
Merge pull request #2755 from owncloud/fix-basic-auth-with-custom-user-claim
fix basic auth with custom user claim
This commit is contained in:
@@ -0,0 +1,7 @@
|
||||
Bugfix: Fix basic auth with custom user claim
|
||||
|
||||
We've fixed authentication with basic if oCIS is configured to use a non-standard claim
|
||||
as user claim (`PROXY_USER_OIDC_CLAIM`). Prior to this bugfix the authentication always
|
||||
failed and is now working.
|
||||
|
||||
https://github.com/owncloud/ocis/pull/2755
|
||||
@@ -220,6 +220,8 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
|
||||
middleware.EnableBasicAuth(cfg.EnableBasicAuth),
|
||||
middleware.UserProvider(userProvider),
|
||||
middleware.OIDCIss(cfg.OIDC.Issuer),
|
||||
middleware.UserOIDCClaim(cfg.UserOIDCClaim),
|
||||
middleware.UserCS3Claim(cfg.UserCS3Claim),
|
||||
middleware.CredentialsByUserAgent(cfg.Reva.Middleware.Auth.CredentialsByUserAgent),
|
||||
),
|
||||
middleware.SignedURLAuth(
|
||||
|
||||
@@ -126,6 +126,8 @@ func newBasicAuth(options Options) func(http.Handler) http.Handler {
|
||||
EnableBasicAuth(options.EnableBasicAuth),
|
||||
AccountsClient(options.AccountsClient),
|
||||
OIDCIss(options.OIDCIss),
|
||||
UserOIDCClaim(options.UserOIDCClaim),
|
||||
UserCS3Claim(options.UserCS3Claim),
|
||||
CredentialsByUserAgent(options.CredentialsByUserAgent),
|
||||
)
|
||||
}
|
||||
|
||||
@@ -84,10 +84,17 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
|
||||
|
||||
// fake oidc claims
|
||||
claims := map[string]interface{}{
|
||||
oidc.OwncloudUUID: user.Id.OpaqueId,
|
||||
oidc.Iss: user.Id.Idp,
|
||||
oidc.PreferredUsername: user.Username,
|
||||
oidc.Email: user.Mail,
|
||||
oidc.OwncloudUUID: user.Id.OpaqueId,
|
||||
}
|
||||
|
||||
if options.UserCS3Claim == "userid" {
|
||||
// set the custom user claim only if users will be looked up by the userid on the CS3api
|
||||
// OpaqueId contains the userid configured in STORAGE_LDAP_USER_SCHEMA_UID
|
||||
claims[options.UserOIDCClaim] = user.Id.OpaqueId
|
||||
|
||||
}
|
||||
|
||||
next.ServeHTTP(w, req.WithContext(oidc.NewContext(req.Context(), claims)))
|
||||
|
||||
Reference in New Issue
Block a user