Commit895db12

authored

FEATURE: Allow specifiying required paths when retrieving userinfo (#96)

When retrieving userinfo with oauth2_fetch_user_details=true, we sometimes want to disallow account creation if an attribute is not fulfilled.This commit adds a new register oauth2_basic_required_json_path which will kick in when retrieving userinfo.

1 parentd1161b9 commit895db12Copy full SHA for 895db12

File tree

2 files changed

+69

-0

lines changed

plugin.rb
spec
- plugin_spec.rb

2 files changed

+69

-0

lines changed

`‎plugin.rb‎`

Lines changed: 21 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -78,6 +78,18 @@ def response(env)`
`78`	`78`	`# We'll store the value in the user associated account's extra attribute hash using the full path as the key.`
`79`	`79`	`DiscoursePluginRegistry.define_filtered_register:oauth2_basic_additional_json_paths`
`80`	`80`
	`81`	`+# After authentication, we'll use this to confirm that the registered json paths are fulfilled, or display an error.`
	`82`	`+# This requires SiteSetting.oauth2_fetch_user_details? to be true, and can be used with`
	`83`	`+# DiscoursePluginRegistry.oauth2_basic_additional_json_paths.`
	`84`	`+#`
	`85`	`+# Example usage:`
	`86`	`+# DiscoursePluginRegistry.register_oauth2_basic_required_json_path({`
	`87`	`+# path: "extra:data.is_allowed_user",`
	`88`	`+# required_value: true,`
	`89`	`+# error_message: I18n.t("auth.user_not_allowed")`
	`90`	`+# }, self)`
	`91`	`+DiscoursePluginRegistry.define_filtered_register:oauth2_basic_required_json_paths`
	`92`	`+`
`81`	`93`	`class ::OAuth2BasicAuthenticator <Auth::ManagedAuthenticator`
`82`	`94`	`defname`
`83`	`95`	`"oauth2_basic"`
`@@ -312,6 +324,15 @@ def after_authenticate(auth, existing_account: nil)`
`312`	`324`	`DiscoursePluginRegistry.oauth2_basic_additional_json_paths.eachdo \|detail\|`
`313`	`325`	`auth["extra"][detail]=fetched_user_details["extra:#{detail}"]`
`314`	`326`	`end`
	`327`	`+`
	`328`	`+DiscoursePluginRegistry.oauth2_basic_required_json_paths.eachdo \|x\|`
	`329`	`+iffetched_user_details[x[:path]] !=x[:required_value]`
	`330`	`+result=Auth::Result.new`
	`331`	`+result.failed=true`
	`332`	`+result.failed_reason=x[:error_message]`
	`333`	`+returnresult`
	`334`	`+end`
	`335`	`+end`
`315`	`336`	`else`
`316`	`337`	`result=Auth::Result.new`
`317`	`338`	`result.failed=true`

`‎spec/plugin_spec.rb‎`

Lines changed: 48 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,54 @@`
`124`	`124`	`expect(associated_account.extra[custom_path]).toeq("received")`
`125`	`125`	`end`
`126`	`126`	`end`
	`127`	`+`
	`128`	`+describe"required attributes"do`
	`129`	`+after{DiscoursePluginRegistry.reset_register!(:oauth2_basic_required_json_paths)}`
	`130`	`+`
	`131`	`+it"'authenticates' successfully if required json path is fulfilled"do`
	`132`	`+DiscoursePluginRegistry.register_oauth2_basic_additional_json_path(`
	`133`	`+"account.is_legit",`
	`134`	`+Plugin::Instance.new,`
	`135`	`+)`
	`136`	`+DiscoursePluginRegistry.register_oauth2_basic_required_json_path(`
	`137`	`+{path:"extra:account.is_legit",required_value:true},`
	`138`	`+Plugin::Instance.new,`
	`139`	`+)`
	`140`	`+`
	`141`	`+response={`
	`142`	`+status:200,`
	`143`	`+body:'{"account":{"email":"newemail@example.com","is_legit":true}}',`
	`144`	`+}`
	`145`	`+stub_request(:get,SiteSetting.oauth2_user_json_url).to_return(response)`
	`146`	`+`
	`147`	`+result=authenticator.after_authenticate(auth)`
	`148`	`+expect(result.failed).toeq(false)`
	`149`	`+end`
	`150`	`+`
	`151`	`+it"fails 'authentication' if required json path is unfulfilled"do`
	`152`	`+DiscoursePluginRegistry.register_oauth2_basic_additional_json_path(`
	`153`	`+"account.is_legit",`
	`154`	`+Plugin::Instance.new,`
	`155`	`+)`
	`156`	`+DiscoursePluginRegistry.register_oauth2_basic_required_json_path(`
	`157`	`+{`
	`158`	`+path:"extra:account.is_legit",`
	`159`	`+required_value:true,`
	`160`	`+error_message:"You're not legit",`
	`161`	`+},`
	`162`	`+Plugin::Instance.new,`
	`163`	`+)`
	`164`	`+response={`
	`165`	`+status:200,`
	`166`	`+body:'{"account":{"email":"newemail@example.com","is_legit":false}}',`
	`167`	`+}`
	`168`	`+stub_request(:get,SiteSetting.oauth2_user_json_url).to_return(response)`
	`169`	`+`
	`170`	`+result=authenticator.after_authenticate(auth)`
	`171`	`+expect(result.failed).toeq(true)`
	`172`	`+expect(result.failed_reason).toeq("You're not legit")`
	`173`	`+end`
	`174`	`+end`
`127`	`175`	`end`
`128`	`176`
`129`	`177`	`describe"avatar downloading"do`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit895db12

File tree

2 files changed

2 files changed

`‎plugin.rb‎`

`‎spec/plugin_spec.rb‎`

0 commit comments