From fbca16fc9a50917919ba71d6dd891c7afc42b010 Mon Sep 17 00:00:00 2001
From: Timmy Welch
Date: Wed, 24 May 2023 17:40:23 -0700
Subject: [PATCH] Improve username extraction
---
 internal/identity/identity.go | 35 +++++++++++++++++++++--------------
 1 file changed, 21 insertions(+), 14 deletions(-)
diff --git a/internal/identity/identity.go b/internal/identity/identity.go
index 9b55c1e..e557110 100644
--- a/internal/identity/identity.go
+++ b/internal/identity/identity.go
@@ -98,14 +98,26 @@ func (i *Identity) getUsernames(idToken *oidc.IDToken) ([]string, error) {
 claimedUsernames := getClaim(claim, claims)
+ if len(claimedUsernames) == 0 {
+ log.Println(Entry{
+ Severity: "NOTICE",
+ Message: fmt.Sprintf("Did not find a username using: getClaim(%#v, %#v)", claim, claims),
+ })
+ }
+
 if idx < len(i.usernameREs) {
 for _, name := range claimedUsernames {
 usernames = append(usernames, parseUsername(name, i.usernameREs[idx]))
 }
 } else {
 usernames = append(usernames, claimedUsernames...)
+ }
 }
+ log.Println(Entry{
+ Severity: "NOTICE",
+ Message: fmt.Sprintf("Adding usernames: %v", usernames),
+ })
 if len(usernames) < 1 {
 return nil, errors.New("configured username claim not in identity token")
 }
@@ -124,20 +136,6 @@ func getClaim(claim string, claims map[string]interface{}) []string {
 parts := strings.Split(claim, ".")
 f:
 for idx, part := range parts {
- if idx == len(parts)-1 {
- name, ok := claims[part].(string)
- if ok {
- usernames = append(usernames, name)
- }
- return base64Decode(usernames)
- }
-
- fmt.Println(part)
- log.Println(Entry{
- Severity: "NOTICE",
- Message: fmt.Sprintf("Fuck Off: %v", claims),
- Component: part,
- })
 switch v := claims[part].(type) {
 case map[string]interface{}:
 claims = v
@@ -149,6 +147,15 @@ f:
 }
 }
 break f
+ case []interface{}:
+ for _, value := range v {
+ if name, ok := value.(string); ok {
+ usernames = append(usernames, name)
+ }
+ }
+ break f
+ case string:
+ usernames = append(usernames, v)
 default:
 break f
 }
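Review bot: The added NOTICE entry in getUsernames formats the whole `claims` map with `%#v`, so every lookup that finds no username writes the full set of ID-token claims into the log, which can include personal data and group membership that log readers have no need to see. Log only the claim path instead, for example `Message: fmt.Sprintf("no username found for claim %q", claim),`. The second added entry prints token-derived names with `%v`; unless Entry is serialised with escaping (not visible here), `%q` would keep embedded newlines or control characters from breaking up the log line. getUsernames starts and ends outside this hunk.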
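Review bot: The new `case string:` in getClaim appends `v` but, unlike the `[]interface{}` case above it, does not `break f`, so when the string is not the last path segment the loop continues and looks up the next segment in the same `claims` map. With a configured path like `a.b` (constructed example) where `a` holds a string, a sibling claim `b` at the same level would also be collected as a username, which is not what the path asks for; add `break f` after `usernames = append(usernames, v)`. The removed last-segment branch in the previous hunk returned `base64Decode(usernames)`, and the function's return is outside this hunk, so it is worth confirming the new string and list paths still receive the same decoding.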