Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix basic auth with custom user claim #2755

Merged
merged 3 commits into from
Nov 15, 2021
Merged

fix basic auth with custom user claim #2755

merged 3 commits into from
Nov 15, 2021

Conversation

wkloucek
Copy link
Contributor

@wkloucek wkloucek commented Nov 11, 2021
edited
Loading

Description

We've fixed authentication with basic if oCIS is configured to use a non-standard claim
as user claim (PROXY_USER_OIDC_CLAIM). Prior to this bugfix the authentication always
failed and is now working.

Related Issue

Motivation and Context

Make basic auth login work.

How Has This Been Tested?

  • test environment:
  • test case 1:
  • test case 2:
  • ...

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:

@wkloucek wkloucek marked this pull request as ready for review November 11, 2021 10:44
@wkloucek wkloucek requested review from butonic and C0rby November 11, 2021 10:44
@wkloucek wkloucek mentioned this pull request Nov 11, 2021
Closed
rhafer
rhafer suggested changes Nov 12, 2021
View reviewed changes
proxy/pkg/middleware/basic_auth.go Outdated
@@ -85,6 +85,7 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
// fake oidc claims
claims := map[string]interface{}{
oidc.OwncloudUUID: user.Id.OpaqueId,
options.UserOIDCClaim: user.Id.OpaqueId,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this give you a dupliacte key here? E.g. when options.UserOIDCClaim == oidc.Email (which AFAIU even is the default)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It indeed duplicates the key in some cases... But Go is fine with duplicate key as long as one of the duplicate keys is a variable... (https://play.golang.org/p/juVyt9SRnUf).

While looking at this I noticed, that options.UserOIDCClaim should only be set if use the userid to search for users on the CS3apis.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, thanks for clarifying. Didn't know that.

@wkloucek wkloucek force-pushed the fix-basic-auth-with-custom-user-claim branch from e67a759 to 7dca7b4 Compare November 15, 2021 09:31
@wkloucek wkloucek requested review from rhafer and C0rby November 15, 2021 09:31
rhafer
rhafer suggested changes Nov 15, 2021
View reviewed changes
Copy link
Contributor

@rhafer rhafer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Small nitpick about the comment. Otherwise lgtm.

proxy/pkg/middleware/basic_auth.go Outdated Show resolved Hide resolved
@wkloucek wkloucek requested a review from rhafer November 15, 2021 12:24
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

0.0% 0.0% Coverage
0.0% 0.0% Duplication

@wkloucek wkloucek merged commit 117b2fe into master Nov 15, 2021
@delete-merged-branch delete-merged-branch bot deleted the fix-basic-auth-with-custom-user-claim branch November 15, 2021 13:04
ownclouders pushed a commit that referenced this pull request Nov 15, 2021
@wkloucek
commit 117b2fe
d4bf400 
Merge: ac7faad 62704ce
Author: Willy Kloucek <34452982+wkloucek@users.noreply.github.com>
Date:   Mon Nov 15 14:04:06 2021 +0100

    Merge pull request #2755 from owncloud/fix-basic-auth-with-custom-user-claim

    fix basic auth with custom user claim
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rhafer rhafer rhafer approved these changes

@butonic butonic Awaiting requested review from butonic

@C0rby C0rby Awaiting requested review from C0rby

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wkloucek @rhafer @C0rby