Merge branch 'issue/8' into release/v2.0.2
t83714 committed Aug 4, 2023
2 parents debf08e + df8d064 commit 126a81a
Showing 3 changed files with 18 additions and 12 deletions.
4 changes: 2 additions & 2 deletions deploy/magda-auth-oidc/templates/deployment.yaml
Expand Up @@ -49,10 +49,10 @@ spec:
"--maxClockSkew", {{ .Values.maxClockSkew | quote }},
{{- end }}
{{- if .Values.userDefaultOrgUnitId }}
"--orgUnitId", {{ .Values.userDefaultOrgUnitId | quote }},
"--userDefaultOrgUnitId", {{ .Values.userDefaultOrgUnitId | quote }},
{{- end }}
{{- if .Values.userDefaultRoleId }}
"--roleId", {{ .Values.userDefaultRoleId | quote }},
"--userDefaultRoleId", {{ .Values.userDefaultRoleId | quote }},
{{- end }}
"--disableLogoutEndpoint", {{ .Values.disableLogoutEndpoint | default false | quote }},
"--issuer", {{ .Values.issuer | required (printf "`issuer` is required for magda auth plugin `%s`." .Chart.Name) | quote }}
18 changes: 12 additions & 6 deletions src/createAuthPluginRouter.ts
Expand Up @@ -122,10 +122,10 @@ export interface AuthPluginRouterOptions {
sessionCookieOptions: CookieOptions;
// target magda org unit id
// when provided, the user will be assigned to this org unit
orgUnitId?: string;
userDefaultOrgUnitId?: string;
// target magda role id
// when provided, the user will be granted this role
roleId?: string;
userDefaultRoleId?: string;
}

/**
Expand Down Expand Up @@ -254,6 +254,10 @@ function createNameFromProfile(profile: UserinfoResponse) {
return profile.email;
}

const isValidRoleId = (id?: string) =>
typeof id === "string" &&
(uuidValidate(id) || id.match(/^\d{8}-\d{4}-\d{4}-\d{4}-\d{12}$/));

export default async function createAuthPluginRouter(
options: AuthPluginRouterOptions
): Promise<Router> {
Expand Down Expand Up @@ -283,6 +287,8 @@ export default async function createAuthPluginRouter(
}

console.log("scope settings: ", scope);
console.log(`Default user role ID: ${options?.userDefaultRoleId}`);
console.log(`Default user orgUnit ID: ${options?.userDefaultOrgUnitId}`);

const [issuer, client] = await createOpenIdIssuerWithClient(options);
const disableLogoutEndpoint = !issuer["end_session_endpoint"]
Expand Down Expand Up @@ -327,16 +333,16 @@ export default async function createAuthPluginRouter(
authorizationApi,
userData,
authPluginConfig.key,
uuidValidate(options?.orgUnitId)
uuidValidate(options?.userDefaultOrgUnitId)
? async (authApi, userData, profile) => ({
...userData,
orgUnitId: options.orgUnitId
orgUnitId: options.userDefaultOrgUnitId
})
: undefined,
uuidValidate(options?.roleId)
isValidRoleId(options?.userDefaultRoleId)
? async (authApi, user, profile) => {
await authApi.addUserRoles(user.id, [
options.roleId
options.userDefaultRoleId
]);
}
: undefined
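Review bot: A configured `userDefaultRoleId` that fails `isValidRoleId`, or a `userDefaultOrgUnitId` that fails `uuidValidate`, is dropped without any signal in the two ternaries at the end of the last hunk: the callback becomes `undefined` and the plugin runs without assigning the intended role or org unit. The new `console.log` lines print the raw values but not whether they were accepted, so I would fail fast next to them, e.g. `if (options?.userDefaultRoleId && !isValidRoleId(options.userDefaultRoleId)) throw new Error("userDefaultRoleId is not a valid role id");`, with the matching check for the org unit id. `isValidRoleId` also returns the `match` array rather than a boolean; `/^\d{8}-\d{4}-\d{4}-\d{4}-\d{12}$/.test(id)` keeps its type clean, and a one-line comment saying why digit-only ids are accepted in addition to what `uuidValidate` allows would help the next reader. The body of `createAuthPluginRouter` starts and ends outside the visible hunks.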
8 changes: 4 additions & 4 deletions src/index.ts
Expand Up @@ -38,12 +38,12 @@ const argv = yargs
type: "string",
coerce: coerceJson
})
.option("orgUnitId", {
.option("userDefaultOrgUnitId", {
describe:
"The target magda org unit id. When provided, all new users will be assigned to this org unit",
type: "string"
})
.option("roleId", {
.option("userDefaultRoleId", {
describe:
"The target magda role id. When provided, all new users will be grant this role",
type: "string"
Expand Down Expand Up @@ -215,8 +215,8 @@ const authApiClient = new AuthApiClient(
allowedExternalRedirectDomains,
disableLogoutEndpoint: argv?.disableLogoutEndpoint,
sessionCookieOptions: argv.cookieJson as any,
orgUnitId: argv?.orgUnitId,
roleId: argv?.roleId
userDefaultOrgUnitId: argv?.userDefaultOrgUnitId,
userDefaultRoleId: argv?.userDefaultRoleId
});
app.use(routes);

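Review bot: The old `--orgUnitId` and `--roleId` options are removed without an alias, so a deployment that still passes them would, unless yargs strict mode is enabled elsewhere in this file, start normally and simply stop assigning the default org unit and role. Adding `alias: "orgUnitId"` and `alias: "roleId"` to the two renamed `.option(...)` calls keeps existing launch arguments working; the chart template in this commit already uses the new names. The `argv` chain and the options object passed to the router continue outside the hunks shown.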
