@@ -139,24 +139,35 @@ pub async fn reply_login(
139139 return Ok ( HttpResponse :: Unauthorized ( ) . finish ( ) ) ;
140140 } ;
141141 let username = user_info
142- . sub
142+ . name
143143 . clone ( )
144144 . expect ( "OIDC provider did not return a sub which is currently required." ) ;
145145 let user_info: user:: UserInfo = user_info. into ( ) ;
146-
147- let group: HashSet < String > = claims
146+ let mut group: HashSet < String > = claims
148147 . other
149148 . remove ( "groups" )
150149 . map ( serde_json:: from_value)
151150 . transpose ( ) ?
152- . unwrap_or_else ( || {
153- DEFAULT_ROLE
154- . lock ( )
155- . unwrap ( )
156- . clone ( )
157- . map ( |role| HashSet :: from ( [ role] ) )
158- . unwrap_or_default ( )
159- } ) ;
151+ . unwrap_or_default ( ) ;
152+ let metadata = get_metadata ( ) . await ?;
153+ let mut role_exists = false ;
154+ for role in metadata. roles . iter ( ) {
155+ let role_name = role. 0 ;
156+ for group_name in group. iter ( ) {
157+ if group_name. eq ( role_name) {
158+ role_exists = true ;
159+ break ;
160+ }
161+ }
162+ }
163+ if !role_exists || group. is_empty ( ) {
164+ group = DEFAULT_ROLE
165+ . lock ( )
166+ . unwrap ( )
167+ . clone ( )
168+ . map ( |role| HashSet :: from ( [ role] ) )
169+ . unwrap_or_default ( ) ;
170+ }
160171
161172 // User may not exist
162173 // create a new one depending on state of metadata
@@ -60,7 +60,7 @@ impl User {
6060 pub fn new_oauth ( username : String , roles : HashSet < String > , user_info : UserInfo ) -> Self {
6161 Self {
6262 ty : UserType :: OAuth ( OAuth {
63- userid : username,
63+ userid : user_info . name . clone ( ) . unwrap_or ( username) ,
6464 user_info,
6565 } ) ,
6666 roles,
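Review bot: `new_oauth` now silently overrides its `username` argument whenever `user_info.name` is `Some`, and nothing in the signature tells a caller that the stored `userid` may differ from what was passed in. If the override is intended, a doc comment on the function such as `/// userid comes from user_info.name when present; username is only the fallback` would make the contract explicit. Any code that later looks the user up by the `username` it supplied should be checked against this, since the two values can now diverge. The function body and the enclosing `impl User` block continue outside the hunk.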