Merge remote-tracking branch 'origin/staging' into develop

This commit is contained in:
Andrey Antukh 2023-04-24 16:55:18 +02:00
commit 6af783ea91
41 changed files with 10253 additions and 1796 deletions


@ -194,7 +194,7 @@
;; Additional hooks for provider specific way of
;; retrieve emails.
:get-email-fn (partial retrieve-github-email cfg)}]
:get-email-fn (partial retrieve-github-email cfg)}]
(when (contains? cf/flags :login-with-github)
(if (and (string? (:client-id opts))
@ -367,6 +367,11 @@
::fullname
::props]))
(defn- parse-oidc-role-attrs
[path]
(let [[fitem & items] (str/split path "__")]
(into [(keyword "oidc" fitem)] (map keyword) items)))
(defn get-info
[{:keys [provider] :as cfg} {:keys [params] :as request}]
(when-let [error (get params :error)]
@ -385,16 +390,18 @@
;; roles if they are defined.
(when (and (= "oidc" (:name provider))
(seq (:roles provider)))
(let [provider-roles (into #{} (:roles provider))
profile-roles (let [attr (cf/get :oidc-roles-attr :roles)
roles (get info attr)]
(let [expected-roles (into #{} (:roles provider))
current-roles (let [roles (->> (cf/get :oidc-roles-attr "roles")
(parse-oidc-role-attrs)
(get-in info))]
(cond
(string? roles) (into #{} (str/words roles))
(vector? roles) (into #{} roles)
:else #{}))]
;; check if profile has a configured set of roles
(when-not (set/subset? provider-roles profile-roles)
(when-not (set/subset? expected-roles current-roles)
(ex/raise :type :internal
:code :unable-to-auth
:hint "not enough permissions"))))


@ -153,7 +153,7 @@
(s/def ::oidc-user-uri ::us/string)
(s/def ::oidc-scopes ::us/set-of-strings)
(s/def ::oidc-roles ::us/set-of-strings)
(s/def ::oidc-roles-attr ::us/keyword)
(s/def ::oidc-roles-attr ::us/string)
(s/def ::oidc-email-attr ::us/keyword)
(s/def ::oidc-name-attr ::us/keyword)
(s/def ::host ::us/string)
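Review bot: Relaxing `::oidc-roles-attr` from `::us/keyword` to `::us/string` admits values such as an empty or blank string, and the new side gives no indication that `::us/string` rejects those; since the companion change in the auth module splits this value on `__` to build a lookup path, a blank value would yield an unusable path and the role check would silently fail closed. If `::us/string` does not already exclude blanks, a dedicated predicate such as `(s/def ::oidc-roles-attr (s/and ::us/string (complement str/blank?)))` (using whichever string namespace this file has in scope) would surface a misconfiguration at startup rather than as a generic "not enough permissions" at login. Whether existing deployments configured this attribute as a keyword-shaped value that now needs migrating is not visible here and worth a note in the changelog.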