mirror of
https://github.com/go-gitea/gitea.git
synced 2024-11-25 17:56:48 +08:00
Allow preferred_username
as username source for OIDC (#30454)
This PR adds the preferred_username claim as a possible username source for the oauth2_client. Closes #21518
This commit is contained in:
parent
cf9061f44a
commit
6ba0c371c2
|
@ -1553,8 +1553,9 @@ LEVEL = Info
|
||||||
;; The source of the username for new oauth2 accounts:
|
;; The source of the username for new oauth2 accounts:
|
||||||
;; userid = use the userid / sub attribute
|
;; userid = use the userid / sub attribute
|
||||||
;; nickname = use the nickname attribute
|
;; nickname = use the nickname attribute
|
||||||
|
;; preferred_username = use the preferred_username attribute
|
||||||
;; email = use the username part of the email attribute
|
;; email = use the username part of the email attribute
|
||||||
;; Note: `nickname` and `email` options will normalize input strings using the following criteria:
|
;; Note: `nickname`, `preferred_username` and `email` options will normalize input strings using the following criteria:
|
||||||
;; - diacritics are removed
|
;; - diacritics are removed
|
||||||
;; - the characters in the set `['´\x60]` are removed
|
;; - the characters in the set `['´\x60]` are removed
|
||||||
;; - the characters in the set `[\s~+]` are replaced with `-`
|
;; - the characters in the set `[\s~+]` are replaced with `-`
|
||||||
|
|
|
@ -608,9 +608,10 @@ And the following unique queues:
|
||||||
- `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
|
- `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
|
||||||
- `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
|
- `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
|
||||||
- `userid` - use the userid / sub attribute
|
- `userid` - use the userid / sub attribute
|
||||||
- `nickname` - use the nickname attribute
|
- `nickname` - use the nickname
|
||||||
|
- `preferred_username` - use the preferred_username
|
||||||
- `email` - use the username part of the email attribute
|
- `email` - use the username part of the email attribute
|
||||||
- Note: `nickname` and `email` options will normalize input strings using the following criteria:
|
- Note: `nickname`, `preferred_username` and `email` options will normalize input strings using the following criteria:
|
||||||
- diacritics are removed
|
- diacritics are removed
|
||||||
- the characters in the set `['´\x60]` are removed
|
- the characters in the set `['´\x60]` are removed
|
||||||
- the characters in the set `[\s~+]` are replaced with `-`
|
- the characters in the set `[\s~+]` are replaced with `-`
|
||||||
|
|
|
@ -22,11 +22,13 @@ const (
|
||||||
OAuth2UsernameNickname OAuth2UsernameType = "nickname"
|
OAuth2UsernameNickname OAuth2UsernameType = "nickname"
|
||||||
// OAuth2UsernameEmail username of oauth2 email field will be used as gitea name
|
// OAuth2UsernameEmail username of oauth2 email field will be used as gitea name
|
||||||
OAuth2UsernameEmail OAuth2UsernameType = "email"
|
OAuth2UsernameEmail OAuth2UsernameType = "email"
|
||||||
|
// OAuth2UsernameEmail username of oauth2 preferred_username field will be used as gitea name
|
||||||
|
OAuth2UsernamePreferredUsername OAuth2UsernameType = "preferred_username"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (username OAuth2UsernameType) isValid() bool {
|
func (username OAuth2UsernameType) isValid() bool {
|
||||||
switch username {
|
switch username {
|
||||||
case OAuth2UsernameUserid, OAuth2UsernameNickname, OAuth2UsernameEmail:
|
case OAuth2UsernameUserid, OAuth2UsernameNickname, OAuth2UsernameEmail, OAuth2UsernamePreferredUsername:
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
|
|
|
@ -386,6 +386,13 @@ func getUserName(gothUser *goth.User) (string, error) {
|
||||||
switch setting.OAuth2Client.Username {
|
switch setting.OAuth2Client.Username {
|
||||||
case setting.OAuth2UsernameEmail:
|
case setting.OAuth2UsernameEmail:
|
||||||
return user_model.NormalizeUserName(strings.Split(gothUser.Email, "@")[0])
|
return user_model.NormalizeUserName(strings.Split(gothUser.Email, "@")[0])
|
||||||
|
case setting.OAuth2UsernamePreferredUsername:
|
||||||
|
preferredUsername, exists := gothUser.RawData["preferred_username"]
|
||||||
|
if exists {
|
||||||
|
return user_model.NormalizeUserName(preferredUsername.(string))
|
||||||
|
} else {
|
||||||
|
return "", fmt.Errorf("preferred_username is missing in received user data but configured as username source for user_id %q. Check if OPENID_CONNECT_SCOPES contains profile", gothUser.UserID)
|
||||||
|
}
|
||||||
case setting.OAuth2UsernameNickname:
|
case setting.OAuth2UsernameNickname:
|
||||||
return user_model.NormalizeUserName(gothUser.NickName)
|
return user_model.NormalizeUserName(gothUser.NickName)
|
||||||
default: // OAuth2UsernameUserid
|
default: // OAuth2UsernameUserid
|
||||||
|
|
Loading…
Reference in New Issue
Block a user