Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[NEW] Feature/custom oauth mail field and interpolation for mapped fields #15690

Merged
merged 31 commits into from
Apr 15, 2020
Merged

[NEW] Feature/custom oauth mail field and interpolation for mapped fields #15690

merged 31 commits into from
Apr 15, 2020

Conversation

benkroeger
Copy link
Contributor

@benkroeger benkroeger commented Oct 28, 2019

CLOSES #11647
CLOSES #15693
CLOSES #13220

This PR adds the config option to pick email value from a different identity property (e.g. upn)

It came to live when trying to use the O365 Graph user api as identityPath. That endpoint provides the user's mail address under the mail property, which would cause the email field in the user's identity to be empty.
Also, since O365 Graph api adds a property @odata.context to the response json and mongodb doesn't allow document paths to contain . characters, this PR removes all properties that contain a . as the very last step in normalizeIdentity (happening last in order to allow intermediate steps to still work with those properties; e.g. lookup @odata.... in the getUsername method).

Also, when configuring Azure AD records to contain values like employeeId, this could become a powerful combination to populate user records in RocketChat (mail as email and employeeId as username)

UPDATE
73aebfa adds the possibility to use string interpolation in custom field mappings.
this allows to mix and match fragments of existing fields (identity response from provider) into new values (e.g. pick the leading part of email and use as username: {{/^(.+)@/::email}})

Note:

  • if you want interpolation, the field mapping must contain text in double curly braces {{interpolation here}}
  • interpolation can be anything from a simple field mapping {{email}} through a nested path {{foo.bar}} to a regexp applied to the value from a nested path {{/^(.+)@/::profile.email}}
  • interpolations can be combined with static strings {{/^(.+)@/::email}}@rocket.chat. assuming email has the value [email protected] the result would be [email protected]
  • regular expressions in interpolations are enclosed with slashes / and separated from the field selector with double colons ::
  • regular expressions must have a single capture group. the value from the first capture group is used for the interpolation value

@benkroeger benkroeger changed the title [NEW] Feature/custom oauth mail field [NEW] Feature/custom oauth mail field and interpolation for mapped fields Oct 28, 2019
@benkroeger
Copy link
Contributor Author

@rodrigok @engelgabriel can someone pls re-trigger the test-with-oplog-mongo-4-0? I didn't change anything related in the last commit (previous commit ran tests successfully). Suspecting a hick-up in circle-ci here.

thanks!

@tammer123
Copy link

Is there any updates with this?

@tammer123
Copy link

Updates?

@benkroeger
Copy link
Contributor Author

@sampaiodiego since this one is similar to #15743, can you take a look?

@tammer123
Copy link

Updates?

@benkroeger
Copy link
Contributor Author

nothing? in a month? is anything missing?

@tammer123
Copy link

Maybe you should @ them?

@benkroeger
Copy link
Contributor Author

benkroeger commented Dec 18, 2019 via email

tammer123
tammer123 previously approved these changes Dec 20, 2019
@benkroeger
Copy link
Contributor Author

@tammer123 so you are a team member (now)?

@benkroeger
Copy link
Contributor Author

@sampaiodiego since you authored the PR for the latest release, I assume you're pretty active in the development team. I've been trying to drag some attention to this PR for quite a while now. Can you maybe give a hint on what action I'm missing - or even help me get this thing processed? Any comment is highly appreciated

sampaiodiego and others added 11 commits February 28, 2020 13:37
because mongo does not allow '.'  in field names
this allows to mix and match fragments of existing fields (identity response from provider) into new values (e.g. pick the leading part of email and use as username: `{{/^(.+)@/::email}}`)
throwing would be breaking change (though consistent with all other custom field mappings)
@benkroeger
Copy link
Contributor Author

@rodrigok unit tests added - for simplicity in testing, I outsourced the newly added methods into a separate file. this also reduces the risk of code conflicts in the main file

@rodrigok
Copy link
Member

@benkroeger great, thanks, I'll review it again soon

@rodrigok
Copy link
Member

@benkroeger I tried this config:
image

With this value returning on /me:
image

And got this result:
image

The email is correct but the name and username are wrong

* develop: (36 commits)
  Group DM improvements
  [NEW] Sort channel directory listing by latest message (#16604)
  [FIX] Wrong message count statistics in Admin info page (#16680)
  Fix: 2FA DDP method not getting code on API call that doesn’t requires 2FA (#16998)
  [NEW] Direct message between multiple users (#16761)
  Bump version to 3.0.7
  Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription  (#17017)
  Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription  (#17017)
  Bump version to 3.0.6
  [Regression] Replace the Omnichannel queue model observe with Stream (#16999)
  [FIX]  Keeps the agent in the room after accepting a new Omnichannel request (#16787)
  Bump version to 3.0.5
  [FIX] Race conditions on/before login (#16989)
  Bump version to 3.0.4
  [IMPROVE] Send files over rest api (#16617)
  [FIX] Integrations page pagination (#16838)
  [FIX] TypeError when trying to load avatar of an invalid room. (#16699)
  Bump version to 3.0.3
  [FIX] Language country has been ignored on translation load (#16757)
  [FIX] Manual Register use correct state for determining registered (#16726)
  ...
@benkroeger
Copy link
Contributor Author

@rodrigok can not explain where die mismatch comes from. added unit test to process exactly your test data and template expression - receiving the expected results. I also added the normalizers to template_helpers and included 'normalizing' for the test data (suspected that some data manupulation might happen there).

is it possible that you ran tests a couple of times, maybe even with different setup or an existing user with the same id?
I can not reproduce what you see.

@benkroeger
Copy link
Contributor Author

live test on a running instance also works fine for me (completely fresh meteor instance), using my actual azure ad oauth configuration:

image

image

image

@rodrigok
Copy link
Member

rodrigok commented Mar 26, 2020

@benkroeger you need to apply this change:

From 22db311f707550e480f1d208740ba6b5097facc7 Mon Sep 17 00:00:00 2001
From: Rodrigo Nascimento <[email protected]>
Date: Thu, 26 Mar 2020 15:25:26 -0300
Subject: [PATCH] Do not process OAuth fields 2 times

---
 app/custom-oauth/server/custom_oauth_server.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/custom-oauth/server/custom_oauth_server.js b/app/custom-oauth/server/custom_oauth_server.js
index 020da8782..c37e43b62 100644
--- a/app/custom-oauth/server/custom_oauth_server.js
+++ b/app/custom-oauth/server/custom_oauth_server.js
@@ -357,15 +357,15 @@ export class CustomOAuth {
 			}
 
 			if (this.usernameField) {
-				user.username = this.getUsername(user.services[this.name]);
+				user.username = user.services[this.name].username;
 			}
 
 			if (this.emailField) {
-				user.email = this.getEmail(user.services[this.name]);
+				user.email = user.services[this.name].email;
 			}
 
 			if (this.nameField) {
-				user.name = this.getCustomName(user.services[this.name]);
+				user.name = user.services[this.name].name;
 			}
 
 			if (this.mergeRoles) {
-- 
2.21.1 (Apple Git-122.3)

I've tried to push to your branch but I was blocked.

@rodrigok
Copy link
Member

The current code is processing the fields 2 times

@benkroeger
Copy link
Contributor Author

I've rebased my work on #develop regularly (last today with d223fb1). Is this something you just added or should this have been there before?
Also, this issue would happen even without my proposed changes. Shouldn't it be fixed in a separate PR?

@rodrigok
Copy link
Member

@benkroeger I didn't add this to our code. It wasn't an issue before because wasn't possible to combine values via interpolation. For example, now the name property may be a mix of {{name}} {{anotherField}} and if this process again, since I'm using the current field inside the interpolation it will get name as the already changed value and will contact with anotherField again.

@benkroeger
Copy link
Contributor Author

@rodrigok added your suggested modifications (and rebased again)

@rodrigok rodrigok added this to the 3.2.0 milestone Mar 26, 2020
@rodrigok
Copy link
Member

@benkroeger thanks man, it was a great contribution.

We are now in the feature freeze period during the Release Candidate of version 3.1. So we will merge this in a few days for the development of version 3.2.

@sampaiodiego sampaiodiego merged commit 4ad6503 into RocketChat:develop Apr 15, 2020
ggazzo added a commit that referenced this pull request Apr 15, 2020
…mailer

* 'develop' of github.com:RocketChat/Rocket.Chat:
  Regression: Storybook  added flowrouter group mock (#17321)
  [NEW] Feature/custom oauth mail field and interpolation for mapped fields (#15690)
@luixxiul
Copy link

@benkroeger Glückwunsch 🥳

ggazzo added a commit that referenced this pull request Apr 16, 2020
…users_and_rooms

* 'develop' of github.com:RocketChat/Rocket.Chat:
  [IMPROVE] Administration -> Mailer Rewrite to React. (#17191)
  Regression: Storybook  added flowrouter group mock (#17321)
  [NEW] Feature/custom oauth mail field and interpolation for mapped fields (#15690)
dudizilla added a commit that referenced this pull request Apr 21, 2020
…nto view-logs

* 'develop' of https://github.com/RocketChat/Rocket.Chat: (31 commits)
  Fixed componentes width (#17322)
  [IMPROVE] Administration -> Mailer Rewrite to React. (#17191)
  Regression: Storybook  added flowrouter group mock (#17321)
  [NEW] Feature/custom oauth mail field and interpolation for mapped fields (#15690)
  [FIX] "Invalid Invite" message when registration is disabled (#17226)
  [FIX] Red color error outline is not removed after password update (#16536)
  [FIX] Change wording to start DM from info panel (#8799)
  New hooks for RouterContext (#17305)
  [FIX] SAML assertion signature enforcement (#17278)
  [FIX] LDAP users lose session on refresh (#17302)
  [NEW] Add MMS support to Voxtelesys (#17217)
  [FIX] Popover component doesn't have scroll (#17198)
  [FIX] Omnichannel SMS / WhatsApp integration errors due to missing location data (#17288)
  [FIX] User search on directory not working correctly (#17299)
  [FIX] Can not save Unread Tray Icon Alert user preference (#16288) (#16313)
  [FIX] Variable rendering problem on Import recent history page (#15997)
  [FIX] Admin panel custom sounds, multiple sound playback fix and added single play/pause button (#16215)
  [FIX] Discussions created from inside DMs were not working (#17282)
  [FIX] translation for nl (#16742)
  [FIX] No maxlength defined for custom user status (#16534)
  ...
@sampaiodiego sampaiodiego mentioned this pull request Apr 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
9 participants