✨ Improve profile props handling and audit log integration.

2025-06-03 10:51:42 +02:00 · 2021-05-20 10:46:45 +02:00 · 2021-05-20 10:46:45 +02:00 · 6c1e13b6e5
commit 6c1e13b6e5
parent 344622b1c1
3 changed files with 38 additions and 35 deletions
--- a/backend/src/app/http/oauth.clj
+++ b/backend/src/app/http/oauth.clj
@ -6,7 +6,6 @@

 (ns app.http.oauth
  (:require
-   [app.common.data :as d]
   [app.common.exceptions :as ex]
   [app.common.spec :as us]
   [app.common.uri :as u]
@ -99,10 +98,11 @@
          res (http/send! req)]

      (when (= 200 (:status res))
-        (let [{:keys [name] :as data} (json/read-str (:body res) :key-fn keyword)]
-          (-> data
-              (assoc :backend (:name provider))
-              (assoc :fullname name)))))
+        (let [info (json/read-str (:body res) :key-fn keyword)]
+          {:backend (:name provider)
+           :email (:email info)
+           :fullname (:name info)
+           :props (dissoc info :name :email)})))

    (catch Exception e
      (l/error :hint "unexpected exception on retrieve-user-info"
@ -118,7 +118,8 @@
                        (retrieve-user-info cfg))]
    (when-not info
      (ex/raise :type :internal
-                :code :unable-to-auth))
+                :code :unable-to-auth
+                :hint "no user info"))

    ;; If the provider is OIDC, we can proceed to check
    ;; roles if they are defined.
@ -141,8 +142,10 @@
      (some? (:invitation-token state))
      (assoc :invitation-token (:invitation-token state))

+      ;; If state token comes with props, merge them. The state token
+      ;; props can contain pm_ and utm_ prefixed query params.
      (map? (:props state))
-      (d/merge (:props state)))))
+      (update :props merge (:props state)))))

 ;; --- HTTP HANDLERS

@ -152,7 +155,8 @@
               (let [sk (name k)]
                 (cond-> params
                   (or (str/starts-with? sk "pm_")
-                       (str/starts-with? sk "pm-"))
+                       (str/starts-with? sk "pm-")
+                       (str/starts-with? sk "utm_"))
                   (assoc (-> sk str/kebab keyword) v))))
             {}
             params))
@ -254,9 +258,7 @@
  [cfg]
  (let [opts {:client-id     (cf/get :google-client-id)
              :client-secret (cf/get :google-client-secret)
-              :scopes        #{"email" "profile" "openid"
-                               "https://www.googleapis.com/auth/userinfo.email"
-                               "https://www.googleapis.com/auth/userinfo.profile"}
+              :scopes        #{"openid" "email" "profile"}
              :auth-uri      "https://accounts.google.com/o/oauth2/v2/auth"
              :token-uri     "https://oauth2.googleapis.com/token"
              :user-uri      "https://openidconnect.googleapis.com/v1/userinfo"
@ -272,8 +274,7 @@
  [cfg]
  (let [opts {:client-id     (cf/get :github-client-id)
              :client-secret (cf/get :github-client-secret)
-              :scopes        #{"read:user"
-                               "user:email"}
+              :scopes        #{"read:user" "user:email"}
              :auth-uri      "https://github.com/login/oauth/authorize"
              :token-uri     "https://github.com/login/oauth/access_token"
              :user-uri      "https://api.github.com/user"