OIDC: Moved name claim option handling from config to service
Closes #4494
parent
564dc70ac4
commit
05f2ec40cc
3 changed files with 22 additions and 4 deletions
|
@ -142,10 +142,11 @@ class OidcService
|
|||
*/
|
||||
protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string
|
||||
{
|
||||
$displayNameAttr = $this->config()['display_name_claims'];
|
||||
$displayNameAttrString = $this->config()['display_name_claims'] ?? '';
|
||||
$displayNameAttrs = explode('|', $displayNameAttrString);
|
||||
|
||||
$displayName = [];
|
||||
foreach ($displayNameAttr as $dnAttr) {
|
||||
foreach ($displayNameAttrs as $dnAttr) {
|
||||
$dnComponent = $token->getClaim($dnAttr) ?? '';
|
||||
if ($dnComponent !== '') {
|
||||
$displayName[] = $dnComponent;
|
||||
|
|
|
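Review bot: The claim list built by `explode('|', $displayNameAttrString)` is used unfiltered, so an empty or unset option yields `['']` and `getClaim('')` is called, and a value such as `first_name | last_name` looks up claim names that still carry spaces. Trimming and dropping empty entries, e.g. `$displayNameAttrs = array_filter(array_map('trim', explode('|', $displayNameAttrString)));`, keeps the lookup to real claim names. The claim value comes from the identity provider's token and is only compared with `''`, so a non-string claim (an array or a number) would be appended as-is; if the rest of the method joins the parts into a string, a check like `if (is_string($dnComponent) && $dnComponent !== '')` would be safer. The method body continues outside the hunk, so how `$displayName` is combined is not visible here.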
@ -9,7 +9,7 @@ return [
|
|||
'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false),
|
||||
|
||||
// Claim, within an OpenId token, to find the user's display name
|
||||
'display_name_claims' => explode('|', env('OIDC_DISPLAY_NAME_CLAIMS', 'name')),
|
||||
'display_name_claims' => env('OIDC_DISPLAY_NAME_CLAIMS', 'name'),
|
||||
|
||||
// Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user.
|
||||
'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'),
|
||||
|
|
|
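Review bot: The comment above `display_name_claims` still describes a single claim, while the option is now a raw string that the service splits on `|`. Documenting the format here would help operators, for example `// Claim(s), within an OpenID token, to find the user's display name. Multiple claims can be listed separated by '|'; their values are combined in the given order.` Because the value's type changes from array to string, an installation running with a cached configuration built from the old file would presumably still hand the service an array until the cache is rebuilt, which is worth an upgrade note.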
@ -30,7 +30,7 @@ class OidcTest extends TestCase
|
|||
'auth.method' => 'oidc',
|
||||
'auth.defaults.guard' => 'oidc',
|
||||
'oidc.name' => 'SingleSignOn-Testing',
|
||||
'oidc.display_name_claims' => ['name'],
|
||||
'oidc.display_name_claims' => 'name',
|
||||
'oidc.client_id' => OidcJwtHelper::defaultClientId(),
|
||||
'oidc.client_secret' => 'testpass',
|
||||
'oidc.jwt_public_key' => $this->keyFilePath,
|
||||
|
@ -408,6 +408,23 @@ class OidcTest extends TestCase
|
|||
$this->assertEquals('xXBennyTheGeezXx', $user->external_auth_id);
|
||||
}
|
||||
|
||||
public function test_auth_uses_mulitple_display_name_claims_if_configured()
|
||||
{
|
||||
config()->set(['oidc.display_name_claims' => 'first_name|last_name']);
|
||||
|
||||
$this->runLogin([
|
||||
'email' => 'benny@example.com',
|
||||
'sub' => 'benny1010101',
|
||||
'first_name' => 'Benny',
|
||||
'last_name' => 'Jenkins'
|
||||
]);
|
||||
|
||||
$this->assertDatabaseHas('users', [
|
||||
'name' => 'Benny Jenkins',
|
||||
'email' => 'benny@example.com',
|
||||
]);
|
||||
}
|
||||
|
||||
public function test_login_group_sync()
|
||||
{
|
||||
config()->set([
|
||||
|
|
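Review bot: The new test name misspells "multiple" (`test_auth_uses_mulitple_display_name_claims_if_configured`); renaming it to `test_auth_uses_multiple_display_name_claims_if_configured` keeps it findable by search. The test covers only the case where both configured claims are present in the token. Since the claim values come from the identity provider, a second case where one configured claim (for example `last_name`) is absent would pin which name is stored then. A short comment above the `config()->set(...)` call, such as `// Claims are pipe-separated and combined in the order listed`, would also explain the format under test.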