From 4db34dc5fa309ef249e38181980fac1ec6a12462 Mon Sep 17 00:00:00 2001
From: whnbaek
Date: Mon, 21 Aug 2023 05:22:29 +0900
Subject: [PATCH] username and groups claim moved inside openid scope

---
 src/oidc/account.ts | 20 ++++++++------------
 src/oidc/configuration.ts | 21 ++++++++-------------
 2 files changed, 16 insertions(+), 25 deletions(-)

diff --git a/src/oidc/account.ts b/src/oidc/account.ts
index ced9255..5ca3622 100644
--- a/src/oidc/account.ts
+++ b/src/oidc/account.ts
@@ -1,20 +1,16 @@
 // @ts-expect-error: https://github.com/microsoft/TypeScript/issues/49721
 import type { Account } from 'oidc-provider';
 
-interface Profile {
-  name: string;
-  username: string;
-  student_id: string;
-}
-
 class OIDCAccount implements Account {
   [key: string]: unknown;
 
   constructor(
     public accountId: string,
-    public profile: Profile,
-    public email: string,
+    public username: string,
     public groups: Array,
+    public name: string,
+    public student_id: string,
+    public email: string,
   ) {}
 
   /**
@@ -28,11 +24,11 @@ class OIDCAccount implements Account {
   async claims() {
     return {
       sub: this.accountId,
-      name: this.profile.name,
-      username: this.profile.username,
-      student_id: this.profile.student_id,
-      email: this.email,
+      username: this.username,
       groups: this.groups,
+      name: this.name,
+      student_id: this.student_id,
+      email: this.email,
     };
   }
 }
diff --git a/src/oidc/configuration.ts b/src/oidc/configuration.ts
index b25b645..2db8bc5 100644
--- a/src/oidc/configuration.ts
+++ b/src/oidc/configuration.ts
@@ -6,10 +6,9 @@ import OIDCAccount from './account';
 import AdapterFactory from './adapter';
 
 const claims = {
-  openid: ['sub'],
-  profile: ['name', 'username', 'student_id'],
+  openid: ['sub', 'username', 'groups'],
+  profile: ['name', 'student_id'],
   email: ['email'],
-  groups: ['groups'],
 };
 
 export default function createOIDCConfig(model: Model, oidcConfig: Config['oidc']): Configuration {
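Review bot: The new constructor takes five positional parameters, four of them plain `string`, so a caller that transposes `name`, `student_id` and `email` (this commit already changes the order once, and `configuration.ts` must now pass `id, username, groups, name, student_id, email`) compiles silently and issues mislabeled claims. A single typed options object, e.g. `constructor(public readonly accountId: string, opts: { username: string; groups: string[]; name: string; student_id: string; email: string })`, or at minimum `readonly` on the parameter properties since `claims()` only reads them, would let the compiler check the mapping. `groups` is also shown here typed as bare `Array`; if that is not a rendering artifact that dropped the type argument, `tsc` rejects it (`Array<T>` requires one), and `string[]` would match the `r.identifier` mapping in `configuration.ts` provided identifiers are strings.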
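Review bot: Moving `username` and `groups` under the `openid` scope makes group membership available to every relying party that completes a bare `scope=openid` login, whereas before a client had to ask for the dedicated `groups` scope; group membership is authorization data, so this widens what each registered client learns about a user and deserves an explicit decision rather than arriving as a side effect of the reshuffle. Dropping the `groups` key presumably also removes `groups` from the provider's advertised scopes, so clients still sending `scope=openid groups` may, depending on their registered `scope` metadata and how oidc-provider handles unknown scopes, fail with `invalid_scope` instead of continuing as before. If the intent is only that these two claims ride in every ID token, keep a compatibility entry `groups: ['groups'],` so older clients keep working, and record the choice above the map: `// username/groups are issued to every client granted the openid scope — review per client before adding sensitive groups`.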
@@ -21,12 +20,14 @@ export default function createOIDCConfig(model: Model, oidcConfig: Config['oidc'
   return {
     adapter,
     findAccount: async (ctx, id) => {
-      const [profile, email, groups] = await model.pgDo(async tr => {
+      const [username, groups, name, student_id, email] = await model.pgDo(async tr => {
         // get name and username
         const userResult = await model.users.getByUserIdx(tr, Number(id));
         if (!userResult.name || !userResult.username) {
           throw new Error('name or username empty');
         }
+        const username = userResult.username;
+        const name = userResult.name;
 
         // ~84: YYXX-NNNN, 85 ~ 99: YYXXX-NNN, 00 ~: YYYY-NNNNN
         // get student id, hard-coded by ataching '19' and sorting
@@ -41,12 +42,7 @@ export default function createOIDCConfig(model: Model, oidcConfig: Config['oidc'
           }))
           .sort((a, b) => b.year - a.year)
           .map(({ sid }) => sid)[0];
-
-        const profile = {
-          name: userResult.name,
-          username: userResult.username,
-          student_id: primarySid,
-        };
+        const student_id = primarySid;
 
         // get email, hard-coded, 1. snu.ac.kr, 2. last row
         const emailResult = await model.emailAddresses.getEmailsByOwnerIdx(tr, Number(id));
@@ -66,10 +62,10 @@ export default function createOIDCConfig(model: Model, oidcConfig: Config['oidc'
         ]]);
         const groups = groupResult.rows.map(r => r.identifier);
 
-        return [profile, email, groups];
+        return [username, groups, name, student_id, email];
       });
 
-      return new OIDCAccount(id, profile, email, groups);
+      return new OIDCAccount(id, username, groups, name, student_id, email);
     },
     async loadExistingGrant(ctx) {
       if (!ctx.oidc.client || !ctx.oidc.session || !ctx.oidc.result) {
@@ -108,7 +104,6 @@ export default function createOIDCConfig(model: Model, oidcConfig: Config['oidc'
         ...claims.openid,
         ...claims.profile,
         ...claims.email,
-        ...claims.groups,
       ]);
       await grant.save();
       return grant;
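Review bot: `const student_id = primarySid;` inherits the `[0]` taken on the mapped array directly above, which is `undefined` for a user with no student id, yet the value is later handed to a constructor parameter declared `string`; with `noUncheckedIndexedAccess` off `tsc` will not flag this, so the `student_id` claim is either silently dropped or serialized as `undefined` depending on how oidc-provider treats it. The removed `profile` object had the same gap, so this is pre-existing, but since the name/username check a few lines up already throws on missing data the contract should be made explicit here: either `const student_id: string | undefined = primarySid;` with the `OIDCAccount` parameter widened to match, or a guard such as `if (!primarySid) throw new Error('student id empty');` if every account is required to carry one. The enclosing `pgDo` callback and `findAccount` both start and end outside this hunk.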
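Review bot: The tuple returned from `pgDo` and the `new OIDCAccount(id, username, groups, name, student_id, email)` call agree only by position, and four of the five slots are `string`, so a reorder in either place (this commit already reorders them once) would compile and issue wrong claims without any error. Returning a named object instead, `return { username, groups, name, student_id, email };`, destructuring it with `const { username, groups, name, student_id, email } = await model.pgDo(...)`, and passing that object to the constructor would make the mapping compiler-checked. `findAccount` and `loadExistingGrant` both extend outside this hunk.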