Feat: enable dynamic profile field mapping via env variables for oidc…
… response (#1041) * feat: Enable dynamic profile field mapping via env variables * add oidc groups to access groups * fix: minor fix for typo * fix: set default oidc displayName to userInfo.name * Added removal of duplicates post-array concatenation * fixed typo and wrong user profile schema * Allow for override of configuration As not all config settings can be made as environment variables, provide an override mechanism to allow (build-time) configuration adjustments. An example for the graphql access groups provider will be in the next commit. Change-Id: I8dc82ca4f0ac0a1b60fa47eadb147c228a77b841 * Make the access groups service configurable Instead of requiring an explicit service provider for each facility, use extended configurations. Basic enabling/disabling is implemented in the standard config via environment vars, GraphQL needs extended configuration via localconfiguration. Change-Id: I2ed630bac8f1f66d4f754e5b95d6b232ec63cf3d * Add example graphql handler Change-Id: I832b6d9e2680aa8423441924de59c4157b50c8e6 * removed redundant code * OIDC userinfo and user query settings have been made configurable * improved if condition for parseQueryFilter * fixed wrong default logger method integration * improved logger message format * get accessGroupsProperty from userPayload for AccesGroupFromPayloadService * fix access-group-from-payload unit test fail * refactor: improved readability of parseQueryFilter in oidc.strategy file * fixed defaultLogger to log message without undefined even second parameter is not given. * moved externalId and provider of create-user-identity dto to update-user-identity dto * minor refactoring * README updates for new environment variables * Update README.md --------- Co-authored-by: Björn Pedersen <bjoern.pedersen@frm2.tum.de> Co-authored-by: Max Novelli <Max.Novelli@ess.eu>
1 parent
334b707
commit acc81ea
Showing
17 changed files
with
356 additions
and
69 deletions.
2 changes: 1 addition & 1 deletion
2
src/auth/access-group-provider/access-group-from-multiple-providers.service.ts
70 changes: 66 additions & 4 deletions
70
src/auth/access-group-provider/access-group-service-factory.ts
@@ -1,17 +1,79 @@ | ||
import { ConfigService } from "@nestjs/config"; | ||
import { AccessGroupFromStaticValuesService } from "./access-group-from-static-values.service"; | ||
import { AccessGroupService } from "./access-group.service"; | ||
|
||
import { AccessGroupFromGraphQLApiService } from "./access-group-from-graphql-api-call.service"; | ||
import { AccessGroupFromPayloadService } from "./access-group-from-payload.service"; | ||
import { HttpService } from "@nestjs/axios"; | ||
import { AccessGroupFromMultipleProvidersService } from "./access-group-from-multiple-providers.service"; | ||
import { Logger } from "@nestjs/common"; | ||
import { ConfigModule } from "@nestjs/config"; | ||
/* | ||
* this is the default function which provides an empty array as groups | ||
*/ | ||
export const accessGroupServiceFactory = { | ||
imports: [ConfigModule], | ||
provide: AccessGroupService, | ||
useFactory: (configService: ConfigService) => { | ||
const accessGroupsStaticValues = configService.get( | ||
"accessGroupsStaticValues", | ||
Logger.debug("Service factory starting", "accessGroupServiceFactory"); | ||
const accessGroupsStaticConfig = configService.get( | ||
"accessGroupsStaticConfig", | ||
); | ||
const accessGroupsGraphQlConfig = configService.get( | ||
"accessGroupsGraphQlConfig", | ||
); | ||
return new AccessGroupFromStaticValuesService(accessGroupsStaticValues); | ||
const accessGroupsOIDCPayloadConfig = configService.get( | ||
"accessGroupsOIDCPayloadConfig", | ||
); | ||
|
||
const accessGroupServices: AccessGroupService[] = []; | ||
if (accessGroupsStaticConfig?.enabled == true) { | ||
Logger.log( | ||
JSON.stringify(accessGroupsStaticConfig), | ||
"loading static processor", | ||
); | ||
accessGroupServices.push( | ||
new AccessGroupFromStaticValuesService(accessGroupsStaticConfig.value), | ||
); | ||
} | ||
if (accessGroupsOIDCPayloadConfig?.enabled == true) { | ||
Logger.log( | ||
JSON.stringify(accessGroupsOIDCPayloadConfig), | ||
"loading oidc processor", | ||
); | ||
accessGroupServices.push( | ||
new AccessGroupFromPayloadService(configService), | ||
); | ||
} | ||
|
||
if (accessGroupsGraphQlConfig?.enabled == true) { | ||
Logger.log( | ||
JSON.stringify(accessGroupsGraphQlConfig), | ||
"loading graphql processor", | ||
); | ||
|
||
import(accessGroupsGraphQlConfig.responseProcessorSrc).then( | ||
(rpModule) => { | ||
const gh = rpModule.graphHandler; | ||
const responseProcessor: ( | ||
response: Record<string, unknown>, | ||
) => string[] = gh.responseProcessor; | ||
const graphqlTemplateQuery: string = gh.graphqlTemplateQuery; | ||
accessGroupServices.push( | ||
new AccessGroupFromGraphQLApiService( | ||
graphqlTemplateQuery, | ||
accessGroupsGraphQlConfig.apiUrl, | ||
{ | ||
Authorization: `Bearer ${accessGroupsGraphQlConfig.token}`, | ||
}, | ||
responseProcessor, | ||
new HttpService(), | ||
), | ||
); | ||
}, | ||
); | ||
} | ||
|
||
return new AccessGroupFromMultipleProvidersService(accessGroupServices); | ||
}, | ||
inject: [ConfigService], | ||
}; |
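Review bot: `Logger.log(JSON.stringify(accessGroupsGraphQlConfig), "loading graphql processor")` serialises the whole GraphQL config into the log, and that object carries the bearer token used a few lines later in `Authorization: \`Bearer ${accessGroupsGraphQlConfig.token}\``, so the API secret ends up in plaintext application logs. The `import(accessGroupsGraphQlConfig.responseProcessorSrc).then(...)` block is also neither awaited nor given a `.catch`: the factory returns `new AccessGroupFromMultipleProvidersService(accessGroupServices)` before the GraphQL service is pushed, so requests handled until the module resolves get no GraphQL groups, and an unresolvable `responseProcessorSrc` surfaces as an unhandled rejection instead of a startup failure. Making the factory `async` (Nest accepts an async `useFactory`) and logging the config with the token redacted addresses both; the three `?.enabled == true` checks would read cleaner as `=== true` while you are there.
```typescript
  useFactory: async (configService: ConfigService) => {
    // … unchanged: config lookups, static and OIDC payload processors …

    if (accessGroupsGraphQlConfig?.enabled == true) {
      // Never log the raw config: it carries the API bearer token.
      Logger.log(
        JSON.stringify({ ...accessGroupsGraphQlConfig, token: "[redacted]" }),
        "loading graphql processor",
      );

      // Await the handler module so the GraphQL service is registered before
      // the factory returns; an import failure now fails startup instead of
      // becoming an unhandled rejection.
      const rpModule = await import(
        accessGroupsGraphQlConfig.responseProcessorSrc
      );
      const gh = rpModule.graphHandler;
      // … unchanged: responseProcessor / graphqlTemplateQuery extraction …
      accessGroupServices.push(
        new AccessGroupFromGraphQLApiService(
          graphqlTemplateQuery,
          accessGroupsGraphQlConfig.apiUrl,
          {
            Authorization: `Bearer ${accessGroupsGraphQlConfig.token}`,
          },
          responseProcessor,
          new HttpService(),
        ),
      );
    }

    return new AccessGroupFromMultipleProvidersService(accessGroupServices);
  },
```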
@@ -0,0 +1,16 @@ | ||
export interface IOidcUserInfoMapping { | ||
id: string; | ||
username: string; | ||
displayName: string; | ||
familyName: string; | ||
email: string; | ||
thumbnailPhoto: string; | ||
groups?: string[]; | ||
provider?: string; | ||
[key: string]: string | string[] | undefined; | ||
} | ||
|
||
export interface IOidcUserQueryMapping { | ||
operator: string; | ||
filter: string[]; | ||
} |
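Review bot: The `[key: string]: string | string[] | undefined;` index signature on `IOidcUserInfoMapping` means any key is accepted on a value of this type, so a misspelled field name in a mapping object (or a lookup with one) is not caught by the compiler and is simply typed `string | string[] | undefined`; if arbitrary extra mapped fields are genuinely required, keeping the named fields precise and putting the open-ended part in a separate `extra?: Record<string, string | string[]>` preserves the checking for the known ones. The `I` prefix on both interfaces is non-idiomatic TypeScript, though it may follow this project's convention. The file's name is not visible on this page, and nothing here says which side of the mapping these interfaces describe; a one-line TSDoc on each (e.g. `/** Maps local profile fields to the OIDC userinfo claim names they are read from. */`, adjusted to whichever direction is correct) would save the next reader that guess.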