Commit d07aff89 by Carl Bergquist Committed by GitHub

Merge pull request #11127 from DanCech/oauth-jwt-email

only use jwt token if it contains an email address
parents d9308a03 9d005c50
...@@ -180,6 +180,7 @@ type UserInfoJson struct { ...@@ -180,6 +180,7 @@ type UserInfoJson struct {
func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) { func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) {
var data UserInfoJson var data UserInfoJson
var err error
if s.extractToken(&data, token) != true { if s.extractToken(&data, token) != true {
response, err := HttpGet(client, s.apiUrl) response, err := HttpGet(client, s.apiUrl)
...@@ -193,21 +194,18 @@ func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token) ...@@ -193,21 +194,18 @@ func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token)
} }
} }
name, err := s.extractName(data) name := s.extractName(&data)
if err != nil {
return nil, err
}
email, err := s.extractEmail(data, client) email := s.extractEmail(&data)
if email == "" {
email, err = s.FetchPrivateEmail(client)
if err != nil { if err != nil {
return nil, err return nil, err
} }
login, err := s.extractLogin(data, email)
if err != nil {
return nil, err
} }
login := s.extractLogin(&data, email)
userInfo := &BasicUserInfo{ userInfo := &BasicUserInfo{
Name: name, Name: name,
Login: login, Login: login,
...@@ -251,49 +249,55 @@ func (s *SocialGenericOAuth) extractToken(data *UserInfoJson, token *oauth2.Toke ...@@ -251,49 +249,55 @@ func (s *SocialGenericOAuth) extractToken(data *UserInfoJson, token *oauth2.Toke
return false return false
} }
email := s.extractEmail(data)
if email == "" {
s.log.Debug("No email found in id_token", "json", string(payload), "data", data)
return false
}
s.log.Debug("Received id_token", "json", string(payload), "data", data) s.log.Debug("Received id_token", "json", string(payload), "data", data)
return true return true
} }
func (s *SocialGenericOAuth) extractEmail(data UserInfoJson, client *http.Client) (string, error) { func (s *SocialGenericOAuth) extractEmail(data *UserInfoJson) string {
if data.Email != "" { if data.Email != "" {
return data.Email, nil return data.Email
} }
if data.Attributes["email:primary"] != nil { if data.Attributes["email:primary"] != nil {
return data.Attributes["email:primary"][0], nil return data.Attributes["email:primary"][0]
} }
if data.Upn != "" { if data.Upn != "" {
emailAddr, emailErr := mail.ParseAddress(data.Upn) emailAddr, emailErr := mail.ParseAddress(data.Upn)
if emailErr == nil { if emailErr == nil {
return emailAddr.Address, nil return emailAddr.Address
} }
} }
return s.FetchPrivateEmail(client) return ""
} }
func (s *SocialGenericOAuth) extractLogin(data UserInfoJson, email string) (string, error) { func (s *SocialGenericOAuth) extractLogin(data *UserInfoJson, email string) string {
if data.Login != "" { if data.Login != "" {
return data.Login, nil return data.Login
} }
if data.Username != "" { if data.Username != "" {
return data.Username, nil return data.Username
} }
return email, nil return email
} }
func (s *SocialGenericOAuth) extractName(data UserInfoJson) (string, error) { func (s *SocialGenericOAuth) extractName(data *UserInfoJson) string {
if data.Name != "" { if data.Name != "" {
return data.Name, nil return data.Name
} }
if data.DisplayName != "" { if data.DisplayName != "" {
return data.DisplayName, nil return data.DisplayName
} }
return "", nil return ""
} }
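Review bot: In extractEmail the `email:primary` branch compares the slice only against nil and then reads `[0]`, so a payload that carries `email:primary` as an empty list would panic with an index-out-of-range error. This commit makes extractToken call extractEmail on the decoded id_token payload, so the branch is now reached for token claims as well as for the userinfo response, and both are supplied by the identity provider. A length guard covers the nil and empty cases alike: `if len(data.Attributes["email:primary"]) > 0 {`. The declaration of Attributes is outside the visible hunks, so this assumes it is a map of string slices, which the `[0]` read feeding a string return suggests.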