Skip to content

Commit

Permalink
Allow preferred_username claim to be set for Crowd connector (dexidp#…
Browse files Browse the repository at this point in the history
…1684)

* Add atlassiancrowd connector to list in readme

* Add TestIdentityFromCrowdUser

* Set preferred_username claim when configured

* Add preferredUsernameField option to docs

* Log warning when mapping invalid crowd field
  • Loading branch information
mvdkleijn authored and elffjs committed Jun 27, 2022
1 parent 7b015b2 commit d0e000b
Show file tree
Hide file tree
Showing 4 changed files with 72 additions and 0 deletions.
5 changes: 5 additions & 0 deletions Documentation/connectors/atlassian-crowd.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,4 +36,9 @@ connectors:
- my-group
# Prompt for username field.
usernamePrompt: Login
# Optionally set preferred_username claim.
# If `preferredUsernameField` is omitted or contains an invalid option, the `preferred_username` claim will be empty.
# If `preferredUsernameField` is set, the `preferred_username` claim will be set to the chosen Crowd user attribute value.
# Possible choices are: "key", "name", "email"
preferredUsernameField: name
```
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ Dex implements the following connectors:
| [AuthProxy](Documentation/connectors/authproxy.md) | no | no | no | alpha | Authentication proxies such as Apache2 mod_auth, etc. |
| [Bitbucket Cloud](Documentation/connectors/bitbucketcloud.md) | yes | yes | no | alpha | |
| [OpenShift](Documentation/connectors/openshift.md) | no | yes | no | stable | |
| [Atlassian Crowd](Documentation/connectors/atlassiancrowd.md) | yes | yes | yes *) | beta | preferred_username claim must be configured through config |

Stable, beta, and alpha are defined as:

Expand Down
19 changes: 19 additions & 0 deletions connector/atlassiancrowd/atlassiancrowd.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,13 +35,19 @@ import (
// - admin
// # Prompt for username field
// usernamePrompt: Login
// preferredUsernameField: name
//
type Config struct {
BaseURL string `json:"baseURL"`
ClientID string `json:"clientID"`
ClientSecret string `json:"clientSecret"`
Groups []string `json:"groups"`

// PreferredUsernameField allows users to set the field to any of the
// following values: "key", "name" or "email".
// If unset, the preferred_username field will remain empty.
PreferredUsernameField string `json:"preferredUsernameField"`

// UsernamePrompt allows users to override the username attribute (displayed
// in the username/password prompt). If unset, the handler will use.
// "Username".
Expand Down Expand Up @@ -368,6 +374,19 @@ func (c *crowdConnector) identityFromCrowdUser(user crowdUser) (connector.Identi
EmailVerified: true,
}

switch c.PreferredUsernameField {
case "key":
identity.PreferredUsername = user.Key
case "name":
identity.PreferredUsername = user.Name
case "email":
identity.PreferredUsername = user.Email
default:
if c.PreferredUsernameField != "" {
c.logger.Warnf("preferred_username left empty. Invalid crowd field mapped to preferred_username: %s", c.PreferredUsernameField)
}
}

return identity, nil
}

Expand Down
47 changes: 47 additions & 0 deletions connector/atlassiancrowd/atlassiancrowd_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,53 @@ func TestUserPassword(t *testing.T) {
expectNil(t, err)
}

func TestIdentityFromCrowdUser(t *testing.T) {
user := crowdUser{
Key: "12345",
Name: "testuser",
Active: true,
Email: "[email protected]",
}

c := newTestCrowdConnector("/")

// Sanity checks
expectEquals(t, user.Name, "testuser")
expectEquals(t, user.Email, "[email protected]")

// Test unconfigured behaviour
i, err := c.identityFromCrowdUser(user)
expectNil(t, err)
expectEquals(t, i.UserID, "12345")
expectEquals(t, i.Username, "testuser")
expectEquals(t, i.Email, "[email protected]")
expectEquals(t, i.EmailVerified, true)

// Test for various PreferredUsernameField settings
// unset
expectEquals(t, i.PreferredUsername, "")

c.Config.PreferredUsernameField = "key"
i, err = c.identityFromCrowdUser(user)
expectNil(t, err)
expectEquals(t, i.PreferredUsername, "12345")

c.Config.PreferredUsernameField = "name"
i, err = c.identityFromCrowdUser(user)
expectNil(t, err)
expectEquals(t, i.PreferredUsername, "testuser")

c.Config.PreferredUsernameField = "email"
i, err = c.identityFromCrowdUser(user)
expectNil(t, err)
expectEquals(t, i.PreferredUsername, "[email protected]")

c.Config.PreferredUsernameField = "invalidstring"
i, err = c.identityFromCrowdUser(user)
expectNil(t, err)
expectEquals(t, i.PreferredUsername, "")
}

type TestServerResponse struct {
Body interface{}
Code int
Expand Down

0 comments on commit d0e000b

Please sign in to comment.