Bladeren bron

feat: set groups based on OIDC claim (#5568)

Co-authored-by: Nicolas Giard <github@ngpixel.com>
Fionera 3 jaren geleden
bovenliggende
commit
91221e73eb

+ 11 - 0
server/modules/authentication/oidc/authentication.js

@@ -29,6 +29,17 @@ module.exports = {
               email: _.get(profile, '_json.' + conf.emailClaim)
             }
           })
+          if (conf.mapGroups) {
+            const groups = _.get(profile, '_json.' + conf.groupsClaim)
+            if (groups) {
+              const groupIDs = Object.values(WIKI.auth.groups)
+                .filter(g => groups.includes(g.name))
+                .map(g => g.id)
+              for (let groupID of groupIDs) {
+                await user.$relatedQuery('groups').relate(groupID)
+              }
+            }
+          }
           cb(null, user)
         } catch (err) {
           cb(err, null)

+ 14 - 1
server/modules/authentication/oidc/definition.yml

@@ -49,8 +49,21 @@ props:
     default: email
     maxWidth: 500
     order: 7
+  mapGroups:
+    type: Boolean
+    title: Map Groups
+    hint: Map groups matching names from the groups claim value
+    default: false
+    order: 8
+  groupsClaim:
+    type: String
+    title: Groups Claim
+    hint: Field containing the group names
+    default: groups
+    maxWidth: 500
+    order: 9
   logoutURL:
     type: String
     title: Logout URL
     hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
-    order: 8
+    order: 10