Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

COR-475: identity #409

Open
wants to merge 9 commits into
base: COR-484_scopesNClaims
Choose a base branch
from
Open

COR-475: identity #409

wants to merge 9 commits into from

Conversation

internetti
Copy link
Member

@internetti internetti commented May 24, 2022
edited by jira bot
Loading

COR-475

introduced fix structure for claims to map to
in agreement with ludo, a new table is being created to store the claim data

@rational-terraforming-golem
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: internetti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

ludydoo
ludydoo reviewed Jun 1, 2022
View reviewed changes
pkg/server/login/handlers/login/action_auth_code_exchange_succeeded.go Outdated
Comment on lines 59 to 63
err2 := loginStore.CreateOidcIdentityProfile(newIdentityProfile)
if err2 != nil {
l.Error("failed to store identity profile", zap.Error(err2))
}
Copy link
Contributor

@ludydoo ludydoo Jun 1, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
err2 := loginStore.CreateOidcIdentityProfile(newIdentityProfile)
if err2 != nil {
l.Error("failed to store identity profile", zap.Error(err2))
}
if err := loginStore.CreateOidcIdentityProfile(newIdentityProfile); err != nil {
l.Error("failed to store identity profile", zap.Error(err))
return err
}

ludydoo
ludydoo reviewed Jun 1, 2022
View reviewed changes
pkg/server/login/handlers/login/action_auth_code_exchange_succeeded.go
} else {
l.Error("failed to get user identifier for oidc provider", zap.Error(err))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was this intended?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like I had a reason but I cannot remember it for the life of me, so let's say no 😅

ludydoo
ludydoo reviewed Jun 1, 2022
View reviewed changes
pkg/server/login/handlers/login/action_performing_auth_code_exchange.go Outdated
Comment on lines 144 to 168
var userProfile authrequest.Claims

var mappedClaimInft map[string]interface{}
mappedClaimInft, ok = claimInft.(map[string]interface{})

subject, ok := mappedClaimInft[idp.ClaimMappings.Subject].(string)
if ok {
userProfile.Subject = subject
}
displayName, ok := mappedClaimInft[idp.ClaimMappings.DisplayName].(string)
if ok {
userProfile.DisplayName = displayName
}
fullName, ok := mappedClaimInft[idp.ClaimMappings.FullName].(string)
if ok {
userProfile.FullName = fullName
}
email, ok := mappedClaimInft[idp.ClaimMappings.Email].(string)
if ok {
userProfile.Email = email
}
emailVerified, ok := mappedClaimInft[idp.ClaimMappings.EmailVerified].(bool)
if ok {
userProfile.EmailVerified = emailVerified
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we extract this into a function ? Like extractIdentityProfile(claims, idp)
Also I think this would for sure need some testing

pkg/server/login/store/identity_profile.go
package store

type IdentityProfile struct {
ID string
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We probably need either a primary key on ID, or a primary key on IdentityProviderID and Subject

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I thought gorm uses ID as primary key by default?

pkg/server/login/store/interface.go

db, err := l.db.Get()
if err != nil {
return err
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logging?

pkg/server/login/store/interface.go
}

if err := db.Create(&profile).Error; err != nil {
return err
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logging?

ludydoo
ludydoo reviewed Jun 1, 2022
View reviewed changes
pkg/server/login/store/interface.go Outdated
Comment on lines 18 to 20
FindOidcIdentifier(identifier string, identityProviderId string) (*CredentialIdentifier, error)
CreateOidcIdentity(issuer string, identifier string, initialAccessToken string, initialRefreshToken string, initialIdToken string) (*Identity, error)
CreateOidcIdentityProfile(profile IdentityProfile) error
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to add a ctx as the first argument of all of those methods

internetti
internetti commented Jun 3, 2022
View reviewed changes
pkg/server/login/handlers/login/action_performing_auth_code_exchange_test.go Outdated
Comment on lines 86 to 108
idp: idp2,
expect: authrequest.Claims{
Subject: "SubjectFieldName",
DisplayName: "",
FullName: "",
Email: "",
EmailVerified: false,
},
wantErr: false,
},
{
name: "fills profile with placeholders for missing data",
claims: map[string]interface{}{
"SubjectFieldName": "subjectValue",
},
expect: authrequest.Claims{
Subject: "subjectValue",
DisplayName: "<no value> <no value> <no value>",
FullName: "<no value> <no value>",
Email: "<no value>",
EmailVerified: false,
},
wantErr: false,
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd actually expect errors in these cases, but the template execute function doesn't throw any, is it worth testing for this manually and throwing the errors myself?

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jun 3, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ludydoo ludydoo ludydoo left review comments

@neb42 neb42 Awaiting requested review from neb42

Assignees
No one assigned
Labels
approved size/XL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@internetti @ludydoo