Merge pull request #23 from vladsf/fix_oauth_groups

Add support for a list of groups represented as maps in OAuth.
concourse · Nov 17, 2021 · 7309fa2 · 7309fa2
2 parents 8ed794c + 230fb2d
commit 7309fa2
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/connector/oauth/oauth.go b/connector/oauth/oauth.go
@@ -249,6 +249,11 @@ func (c *oauthConnector) addGroupsFromMap(groups map[string]bool, result map[str
 		if groupString, ok := group.(string); ok {
 			groups[groupString] = true
 		}
+		if groupMap, ok := group.(map[string]interface{}); ok {
+			if groupName, ok := groupMap["name"].(string); ok {
+				groups[groupName] = true
+			}
+		}
 	}
 
 	return nil

diff --git a/connector/oauth/oauth_test.go b/connector/oauth/oauth_test.go
@@ -100,6 +100,42 @@ func TestHandleCallBackForGroupsInUserInfo(t *testing.T) {
 	assert.Equal(t, identity.EmailVerified, false)
 }
 
+func TestHandleCallBackForGroupMapsInUserInfo(t *testing.T) {
+	tokenClaims := map[string]interface{}{}
+
+	userInfoClaims := map[string]interface{}{
+		"name":               "test-name",
+		"user_id_key":        "test-user-id",
+		"user_name_key":      "test-username",
+		"preferred_username": "test-preferred-username",
+		"mail":               "mod_mail",
+		"has_verified_email": false,
+		"groups_key": []interface{}{
+			map[string]string{"name": "admin-group", "id": "111"},
+			map[string]string{"name": "user-group", "id": "222"},
+		},
+	}
+
+	testServer := testSetup(t, tokenClaims, userInfoClaims)
+	defer testServer.Close()
+
+	conn := newConnector(t, testServer.URL)
+	req := newRequestWithAuthCode(t, testServer.URL, "some-code")
+
+	identity, err := conn.HandleCallback(connector.Scopes{Groups: true}, req)
+	assert.Equal(t, err, nil)
+
+	sort.Strings(identity.Groups)
+	assert.Equal(t, len(identity.Groups), 2)
+	assert.Equal(t, identity.Groups[0], "admin-group")
+	assert.Equal(t, identity.Groups[1], "user-group")
+	assert.Equal(t, identity.UserID, "test-user-id")
+	assert.Equal(t, identity.Username, "test-username")
+	assert.Equal(t, identity.PreferredUsername, "test-preferred-username")
+	assert.Equal(t, identity.Email, "mod_mail")
+	assert.Equal(t, identity.EmailVerified, false)
+}
+
 func TestHandleCallBackForGroupsInToken(t *testing.T) {
 	tokenClaims := map[string]interface{}{
 		"groups_key": []string{"test-group"},