oidc custom claims

2020-05-04 07:12:48 +00:00 · 2020-05-04 07:12:48 +00:00 · 2044ce4737
parent 483c767d26
commit 2044ce4737
4 changed files with 51 additions and 4 deletions
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@ -88,6 +88,10 @@ class Setting(db.Model):
        'oidc_oauth_api_url': '',
        'oidc_oauth_token_url': '',
        'oidc_oauth_authorize_url': '',
+        'oidc_oauth_username': 'preferred_username',
+        'oidc_oauth_firstname': 'given_name',
+        'oidc_oauth_last_name': 'family_name ',
+        'oidc_oauth_email': 'email',
        'forward_records_allow_edit': {
            'A': True,
            'AAAA': True,
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@ -811,6 +811,14 @@ def setting_authentication():
                              request.form.get('oidc_oauth_token_url'))
                Setting().set('oidc_oauth_authorize_url',
                              request.form.get('oidc_oauth_authorize_url'))
+                Setting().set('oidc_oauth_username',
+                              request.form.get('oidc_oauth_username'))
+                Setting().set('oidc_oauth_firstname',
+                              request.form.get('oidc_oauth_firstname'))
+                Setting().set('oidc_oauth_last_name',
+                              request.form.get('oidc_oauth_last_name'))
+                Setting().set('oidc_oauth_email',
+                              request.form.get('oidc_oauth_email'))
                result = {
                    'status': True,
                    'msg':
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -285,10 +285,10 @@ def login():

    if 'oidc_token' in session:
        me = json.loads(oidc.get('userinfo').text)
-        oidc_username = me["preferred_username"]
-        oidc_givenname = me["name"]
-        oidc_familyname = ""
-        oidc_email = me["email"]
+        oidc_username = me[Setting().get('oidc_oauth_username')]
+        oidc_givenname = me[Setting().get('oidc_oauth_firstname')]
+        oidc_familyname = me[Setting().get('oidc_oauth_last_name')]
+        oidc_email = me[Setting().get('oidc_oauth_email')]

        user = User.query.filter_by(username=oidc_username).first()
        if not user:
--- a/powerdnsadmin/templates/admin_setting_authentication.html
+++ b/powerdnsadmin/templates/admin_setting_authentication.html
@ -526,6 +526,29 @@
                                                    <span class="help-block with-errors"></span>
                                                </div>
                                            </fieldset>
+                                            <fieldset>
+                                                <legend>CLAIMS</legend>
+                                                <div class="form-group">
+                                                    <label for="oidc_oauth_username">Username</label>
+                                                    <input type="text" class="form-control" name="oidc_oauth_username" id="oidc_oauth_username" placeholder="e.g. preferred_username" data-error="Please input Username claim" value="{{ SETTING.get('oidc_oauth_username') }}">
+                                                    <span class="help-block with-errors"></span>
+                                                </div>
+                                                <div class="form-group">
+                                                    <label for="oidc_oauth_firstname">First Name</label>
+                                                    <input type="text" class="form-control" name="oidc_oauth_firstname" id="oidc_oauth_firstname" placeholder="e.g. given_name" data-error="Please input First Name claim" value="{{ SETTING.get('oidc_oauth_firstname') }}">
+                                                    <span class="help-block with-errors"></span>
+                                                </div>
+                                                <div class="form-group">
+                                                    <label for="oidc_oauth_last_name">Last Name</label>
+                                                    <input type="text" class="form-control" name="oidc_oauth_last_name" id="oidc_oauth_last_name" placeholder="e.g. family_name" data-error="Please input Last Name claim" value="{{ SETTING.get('oidc_oauth_last_name') }}">
+                                                    <span class="help-block with-errors"></span>
+                                                </div>
+                                                <div class="form-group">
+                                                    <label for="oidc_oauth_email">Email</label>
+                                                    <input type="text" class="form-control" name="oidc_oauth_email" id="oidc_oauth_email" placeholder="e.g. email" data-error="Plesae input Email claim" value="{{ SETTING.get('oidc_oauth_email') }}">
+                                                    <span class="help-block with-errors"></span>
+                                                </div>
+                                            </fieldset>
                                            <div class="form-group">
                                                <button type="submit" class="btn btn-flat btn-primary">Save</button>
                                            </div>
@ -792,6 +815,10 @@
            $('#oidc_oauth_api_url').prop('required', true);
            $('#oidc_oauth_token_url').prop('required', true);
            $('#oidc_oauth_authorize_url').prop('required', true);
+            $('#oidc_oauth_username').prop('required', true);
+            $('#oidc_oauth_firstname').prop('required', true);
+            $('#oidc_oauth_last_name').prop('required', true);
+            $('#oidc_oauth_email').prop('required', true);
        } else {
            $('#oidc_oauth_key').prop('required', false);
            $('#oidc_oauth_secret').prop('required', false);
@ -799,6 +826,10 @@
            $('#oidc_oauth_api_url').prop('required', false);
            $('#oidc_oauth_token_url').prop('required', false);
            $('#oidc_oauth_authorize_url').prop('required', false);
+            $('#oidc_oauth_username').prop('required', false);
+            $('#oidc_oauth_firstname').prop('required', false);
+            $('#oidc_oauth_last_name').prop('required', false);
+            $('#oidc_oauth_email').prop('required', false);
        }
    });
        // init validation requirement at first time page load
@ -809,6 +840,10 @@
        $('#oidc_oauth_api_url').prop('required', true);
        $('#oidc_oauth_token_url').prop('required', true);
        $('#oidc_oauth_authorize_url').prop('required', true);
+        $('#oidc_oauth_username').prop('required', true);
+        $('#oidc_oauth_firstname').prop('required', true);
+        $('#oidc_oauth_last_name').prop('required', true);
+        $('#oidc_oauth_email').prop('required', true);
    {% endif %}
    //END: OIDC Tab JS