2 files changed +23 -12 lines changed
lines changed Original file line number Diff line number Diff line change @@ -139,24 +139,35 @@ pub async fn reply_login(
139
139
return Ok ( HttpResponse :: Unauthorized ( ) . finish ( ) ) ;
140
140
} ;
141
141
let username = user_info
142
- . sub
142
+ . name
143
143
. clone ( )
144
144
. expect ( "OIDC provider did not return a sub which is currently required." ) ;
145
145
let user_info: user:: UserInfo = user_info. into ( ) ;
146
-
147
- let group: HashSet < String > = claims
146
+ let mut group: HashSet < String > = claims
148
147
. other
149
148
. remove ( "groups" )
150
149
. map ( serde_json:: from_value)
151
150
. transpose ( ) ?
152
- . unwrap_or_else ( || {
153
- DEFAULT_ROLE
154
- . lock ( )
155
- . unwrap ( )
156
- . clone ( )
157
- . map ( |role| HashSet :: from ( [ role] ) )
158
- . unwrap_or_default ( )
159
- } ) ;
151
+ . unwrap_or_default ( ) ;
152
+ let metadata = get_metadata ( ) . await ?;
153
+ let mut role_exists = false ;
154
+ for role in metadata. roles . iter ( ) {
155
+ let role_name = role. 0 ;
156
+ for group_name in group. iter ( ) {
157
+ if group_name. eq ( role_name) {
158
+ role_exists = true ;
159
+ break ;
160
+ }
161
+ }
162
+ }
163
+ if !role_exists || group. is_empty ( ) {
164
+ group = DEFAULT_ROLE
165
+ . lock ( )
166
+ . unwrap ( )
167
+ . clone ( )
168
+ . map ( |role| HashSet :: from ( [ role] ) )
169
+ . unwrap_or_default ( ) ;
170
+ }
160
171
161
172
// User may not exist
162
173
// create a new one depending on state of metadata
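Review bot: Reading the username from `user_info.name` instead of `sub` keys the local account on a claim that OIDC defines as an optional display name, whereas `sub` is the identifier guaranteed unique and stable per issuer; two provider accounts with the same name, or one user who edits their name, would resolve to the same local user and its roles, and the `userid` change in `new_oauth` in the second file section has the same effect. The `.expect(...)` on that value now panics the handler whenever the provider omits `name`, and its message still refers to `sub`. I would keep `sub` as the lookup key, use `name` for display only, and return `HttpResponse::Unauthorized()` instead of panicking when the required claim is missing. Separately, the role loop only establishes that at least one group matches a role and then keeps the whole set, so unmatched group names are still carried forward as roles; filtering first, e.g. `group.retain(|g| metadata.roles.contains_key(g));` (assuming `metadata.roles` is a map keyed by role name), and falling back to `DEFAULT_ROLE` when the result is empty would be tighter and makes the `group.is_empty()` test meaningful. The body of `reply_login` starts and ends outside this hunk.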
@@ -60,7 +60,7 @@ impl User {
60
60
pub fn new_oauth ( username : String , roles : HashSet < String > , user_info : UserInfo ) -> Self {
61
61
Self {
62
62
ty : UserType :: OAuth ( OAuth {
63
- userid : username,
63
+ userid : user_info . name . clone ( ) . unwrap_or ( username) ,
64
64
user_info,
65
65
} ) ,
66
66
roles,
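Review bot: The `username` argument of `new_oauth` is now silently ignored whenever `user_info.name` is `Some`, because of `user_info.name.clone().unwrap_or(username)`, and nothing in the signature or a doc comment tells callers that. Having the identifier decided in two places (the caller and this constructor) makes it hard to audit which claim ends up as `userid`. I would resolve the identifier once in the caller and keep `userid: username,` here, or at least add a `///` doc comment on `new_oauth` stating that `username` is only a fallback for a missing `name` claim. The `impl User` block and the rest of `new_oauth` lie outside this hunk.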