OIDC: Moved name claim option handling from config to service

Closes #4494
Dan Brown 2023-09-11 11:50:58 +01:00
parent 564dc70ac4
commit 05f2ec40cc
GPG key ID: 46D9F943C24A2EF9
3 changed files with 22 additions and 4 deletions


@ -142,10 +142,11 @@ class OidcService
*/
protected function getUserDisplayName(OidcIdToken $token, string $defaultValue): string
{
$displayNameAttr = $this->config()['display_name_claims'];
$displayNameAttrString = $this->config()['display_name_claims'] ?? '';
$displayNameAttrs = explode('|', $displayNameAttrString);
$displayName = [];
foreach ($displayNameAttr as $dnAttr) {
foreach ($displayNameAttrs as $dnAttr) {
$dnComponent = $token->getClaim($dnAttr) ?? '';
if ($dnComponent !== '') {
$displayName[] = $dnComponent;
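Review bot: The new `explode('|', $displayNameAttrString)` line keeps surrounding whitespace and empty segments, so a value such as `first_name | last_name` or a trailing `|` yields claim names that never match and the component is silently dropped; trim and drop empties before the loop, `$displayNameAttrs = array_filter(array_map(static fn (string $s): string => trim($s), explode('|', $displayNameAttrString)));`. The `?? ''` fallback on the preceding line turns an unset option into `['']`, which the `$dnComponent !== ''` check only absorbs if `getClaim('')` returns null or an empty string — worth confirming against OidcIdToken. Since the parsing now lives here, the docblock ending at the `*/` above should state that the option is a `|`-separated list of claim names whose values are joined into one display name. getUserDisplayName continues outside the hunk.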


@ -9,7 +9,7 @@ return [
'dump_user_details' => env('OIDC_DUMP_USER_DETAILS', false),
// Claim, within an OpenId token, to find the user's display name
'display_name_claims' => explode('|', env('OIDC_DISPLAY_NAME_CLAIMS', 'name')),
'display_name_claims' => env('OIDC_DISPLAY_NAME_CLAIMS', 'name'),
// Claim, within an OpenID token, to use to connect a BookStack user to the OIDC user.
'external_id_claim' => env('OIDC_EXTERNAL_ID_CLAIM', 'sub'),
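Review bot: The comment directly above the changed `display_name_claims` line still reads `Claim, within an OpenId token, to find the user's display name` in the singular, but the value is now a raw `|`-separated string that OidcService parses, so the config no longer documents the format `OIDC_DISPLAY_NAME_CLAIMS` is expected to carry. Replace it with `// Claim(s), within an OpenID token, to find the user's display name; separate multiple claims with '|' and their values are joined with a space`. The 'OpenID' spelling also matches the comment for `external_id_claim` below.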


@ -30,7 +30,7 @@ class OidcTest extends TestCase
'auth.method' => 'oidc',
'auth.defaults.guard' => 'oidc',
'oidc.name' => 'SingleSignOn-Testing',
'oidc.display_name_claims' => ['name'],
'oidc.display_name_claims' => 'name',
'oidc.client_id' => OidcJwtHelper::defaultClientId(),
'oidc.client_secret' => 'testpass',
'oidc.jwt_public_key' => $this->keyFilePath,
@ -408,6 +408,23 @@ class OidcTest extends TestCase
$this->assertEquals('xXBennyTheGeezXx', $user->external_auth_id);
}
public function test_auth_uses_mulitple_display_name_claims_if_configured()
{
config()->set(['oidc.display_name_claims' => 'first_name|last_name']);
$this->runLogin([
'email' => 'benny@example.com',
'sub' => 'benny1010101',
'first_name' => 'Benny',
'last_name' => 'Jenkins'
]);
$this->assertDatabaseHas('users', [
'name' => 'Benny Jenkins',
'email' => 'benny@example.com',
]);
}
public function test_login_group_sync()
{
config()->set([
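Review bot: The new test method is named `test_auth_uses_mulitple_display_name_claims_if_configured`, with "multiple" misspelled; since the name is what appears in PHPUnit output and filters, rename it to `test_auth_uses_multiple_display_name_claims_if_configured`. The claim array in that test also omits the trailing comma after `'last_name' => 'Jenkins'` that the file's other multi-line arrays (see the `assertDatabaseHas` call right below it) use. The test only exercises the case where both configured claims are present; a second case with one claim missing from the token would pin down that the service skips it rather than emitting a stray separator, which the hunk's expected `'Benny Jenkins'` value does not cover.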