From 2044ce473720852ba653b44689699055ad6ab79b Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 4 May 2020 07:12:48 +0000
Subject: [PATCH] oidc custom claims

---
 powerdnsadmin/models/setting.py | 4 +++
 powerdnsadmin/routes/admin.py | 8 +++++
 powerdnsadmin/routes/index.py | 8 ++---
 .../admin_setting_authentication.html | 35 +++++++++++++++++++
 4 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/powerdnsadmin/models/setting.py b/powerdnsadmin/models/setting.py
index b225787..0f6f35d 100644
--- a/powerdnsadmin/models/setting.py
+++ b/powerdnsadmin/models/setting.py
@@ -88,6 +88,10 @@ class Setting(db.Model):
 'oidc_oauth_api_url': '',
 'oidc_oauth_token_url': '',
 'oidc_oauth_authorize_url': '',
+ 'oidc_oauth_username': 'preferred_username',
+ 'oidc_oauth_firstname': 'given_name',
+ 'oidc_oauth_last_name': 'family_name ',
+ 'oidc_oauth_email': 'email',
 'forward_records_allow_edit': {
 'A': True,
 'AAAA': True,
diff --git a/powerdnsadmin/routes/admin.py b/powerdnsadmin/routes/admin.py
index 4ee8b58..e56778e 100644
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@@ -811,6 +811,14 @@ def setting_authentication():
 request.form.get('oidc_oauth_token_url'))
 Setting().set('oidc_oauth_authorize_url',
 request.form.get('oidc_oauth_authorize_url'))
+ Setting().set('oidc_oauth_username',
+ request.form.get('oidc_oauth_username'))
+ Setting().set('oidc_oauth_firstname',
+ request.form.get('oidc_oauth_firstname'))
+ Setting().set('oidc_oauth_last_name',
+ request.form.get('oidc_oauth_last_name'))
+ Setting().set('oidc_oauth_email',
+ request.form.get('oidc_oauth_email'))
 result = {
 'status': True,
 'msg':
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 8c13dae..c5d27a7 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
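Review bot: The default for `oidc_oauth_last_name` is `'family_name '` with a trailing space, so out of the box the login code looks up a claim literally named `family_name ` instead of the standard `family_name` and the lookup fails with KeyError; the line should read `'oidc_oauth_last_name': 'family_name',`. The previous login code tolerated a missing family name by using an empty string, so whichever default ships here should either name a claim the provider actually returns or be consumed with a fallback. The enclosing defaults dict starts outside this hunk.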
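Review bot: The four new `Setting().set` calls persist `request.form.get(...)` unchecked, so a field absent from the POST stores `None` and any accidental padding (the shipped default already carries a trailing space) is stored verbatim; each value later becomes the literal key looked up in the userinfo response. Normalise before saving, e.g. `Setting().set('oidc_oauth_username', request.form.get('oidc_oauth_username', '').strip())`, and reject an empty claim name for the username and email settings server-side, since the template's `required` attribute is only a client-side check. `setting_authentication()` starts and ends outside this hunk.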
@@ -285,10 +285,10 @@ def login():
 if 'oidc_token' in session:
 me = json.loads(oidc.get('userinfo').text)
- oidc_username = me["preferred_username"]
- oidc_givenname = me["name"]
- oidc_familyname = ""
- oidc_email = me["email"]
+ oidc_username = me[Setting().get('oidc_oauth_username')]
+ oidc_givenname = me[Setting().get('oidc_oauth_firstname')]
+ oidc_familyname = me[Setting().get('oidc_oauth_last_name')]
+ oidc_email = me[Setting().get('oidc_oauth_email')]
 user = User.query.filter_by(username=oidc_username).first()
 if not user:
diff --git a/powerdnsadmin/templates/admin_setting_authentication.html b/powerdnsadmin/templates/admin_setting_authentication.html
index 50c00ef..5d91801 100644
--- a/powerdnsadmin/templates/admin_setting_authentication.html
+++ b/powerdnsadmin/templates/admin_setting_authentication.html
@@ -526,6 +526,29 @@
+
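Review bot: Each new line indexes `me[...]` directly, so a claim the provider omits from userinfo (`given_name` and `family_name` are typically only returned when the `profile` scope is requested, and the removed code tolerated a missing family name with `""`) now raises KeyError and breaks login entirely; use `me.get(Setting().get('oidc_oauth_firstname'), '')` and `me.get(Setting().get('oidc_oauth_last_name'), '')` for the two optional name fields. The username claim, by contrast, must be present and non-empty because it is the key for `User.query.filter_by(username=oidc_username)` and for account creation below; a missing or empty value should abort the login rather than be matched against an empty username, and the administrator-chosen claim should be one the provider guarantees to be unique and stable per subject. `login()` starts and ends outside this hunk.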
+ CLAIMS +
+ + + +
+
+ + + +
+
+ + + +
+
+ + + +
+
@@ -792,6 +815,10 @@
 $('#oidc_oauth_api_url').prop('required', true);
 $('#oidc_oauth_token_url').prop('required', true);
 $('#oidc_oauth_authorize_url').prop('required', true);
+ $('#oidc_oauth_username').prop('required', true);
+ $('#oidc_oauth_firstname').prop('required', true);
+ $('#oidc_oauth_last_name').prop('required', true);
+ $('#oidc_oauth_email').prop('required', true);
 } else {
 $('#oidc_oauth_key').prop('required', false);
 $('#oidc_oauth_secret').prop('required', false);
@@ -799,6 +826,10 @@
 $('#oidc_oauth_api_url').prop('required', false);
 $('#oidc_oauth_token_url').prop('required', false);
 $('#oidc_oauth_authorize_url').prop('required', false);
+ $('#oidc_oauth_username').prop('required', false);
+ $('#oidc_oauth_firstname').prop('required', false);
+ $('#oidc_oauth_last_name').prop('required', false);
+ $('#oidc_oauth_email').prop('required', false);
 }
 });
 // init validation requirement at first time page load
@@ -809,6 +840,10 @@
 $('#oidc_oauth_api_url').prop('required', true);
 $('#oidc_oauth_token_url').prop('required', true);
 $('#oidc_oauth_authorize_url').prop('required', true);
+ $('#oidc_oauth_username').prop('required', true);
+ $('#oidc_oauth_firstname').prop('required', true);
+ $('#oidc_oauth_last_name').prop('required', true);
+ $('#oidc_oauth_email').prop('required', true);
 {% endif %}
 //END: OIDC Tab JS
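Review bot: The same four `.prop('required', …)` lines are repeated in three places (this hunk and the ones at `@@ -799` and `@@ -809`), on top of the existing one-line-per-field pattern, so every future claim setting must be added in three more spots. jQuery takes a selector list, so each group collapses to one line, e.g. `$('#oidc_oauth_username, #oidc_oauth_firstname, #oidc_oauth_last_name, #oidc_oauth_email').prop('required', true);` with `false` in the else branch, or better a single selector string shared by all three sites. The last hunk shows five of its six old-side lines, so its final line may lie beyond the visible page.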