mirror of
https://github.com/juanfont/headscale.git
synced 2025-01-18 18:00:04 +09:00
fix issue where some oidc claim bools are sent as string (#2297)
Jumpcloud send invalid json, so we need to handle it. Fixes #2293 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
ec8729b772
commit
5345f19693
2 changed files with 114 additions and 6 deletions
|
@ -3,6 +3,8 @@ package types
|
|||
import (
|
||||
"cmp"
|
||||
"database/sql"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/mail"
|
||||
"strconv"
|
||||
|
||||
|
@ -119,18 +121,49 @@ func (u *User) Proto() *v1.User {
|
|||
}
|
||||
}
|
||||
|
||||
// JumpCloud returns a JSON where email_verified is returned as a
|
||||
// string "true" or "false" instead of a boolean.
|
||||
// This maps bool to a specific type with a custom unmarshaler to
|
||||
// ensure we can decode it from a string.
|
||||
// https://github.com/juanfont/headscale/issues/2293
|
||||
type FlexibleBoolean bool
|
||||
|
||||
func (bit *FlexibleBoolean) UnmarshalJSON(data []byte) error {
|
||||
var val interface{}
|
||||
err := json.Unmarshal(data, &val)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not unmarshal data: %w", err)
|
||||
}
|
||||
|
||||
switch v := val.(type) {
|
||||
case bool:
|
||||
*bit = FlexibleBoolean(v)
|
||||
case string:
|
||||
pv, err := strconv.ParseBool(v)
|
||||
if err != nil {
|
||||
return fmt.Errorf("could not parse %s as boolean: %w", v, err)
|
||||
}
|
||||
*bit = FlexibleBoolean(pv)
|
||||
|
||||
default:
|
||||
return fmt.Errorf("could not parse %v as boolean", v)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
type OIDCClaims struct {
|
||||
// Sub is the user's unique identifier at the provider.
|
||||
Sub string `json:"sub"`
|
||||
Iss string `json:"iss"`
|
||||
|
||||
// Name is the user's full name.
|
||||
Name string `json:"name,omitempty"`
|
||||
Groups []string `json:"groups,omitempty"`
|
||||
Email string `json:"email,omitempty"`
|
||||
EmailVerified bool `json:"email_verified,omitempty"`
|
||||
ProfilePictureURL string `json:"picture,omitempty"`
|
||||
Username string `json:"preferred_username,omitempty"`
|
||||
Name string `json:"name,omitempty"`
|
||||
Groups []string `json:"groups,omitempty"`
|
||||
Email string `json:"email,omitempty"`
|
||||
EmailVerified FlexibleBoolean `json:"email_verified,omitempty"`
|
||||
ProfilePictureURL string `json:"picture,omitempty"`
|
||||
Username string `json:"preferred_username,omitempty"`
|
||||
}
|
||||
|
||||
func (c *OIDCClaims) Identifier() string {
|
||||
|
|
75
hscontrol/types/users_test.go
Normal file
75
hscontrol/types/users_test.go
Normal file
|
@ -0,0 +1,75 @@
|
|||
package types
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"testing"
|
||||
|
||||
"github.com/google/go-cmp/cmp"
|
||||
)
|
||||
|
||||
func TestUnmarshallOIDCClaims(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
jsonstr string
|
||||
want OIDCClaims
|
||||
}{
|
||||
{
|
||||
name: "normal-bool",
|
||||
jsonstr: `
|
||||
{
|
||||
"sub": "test",
|
||||
"email": "test@test.no",
|
||||
"email_verified": true
|
||||
}
|
||||
`,
|
||||
want: OIDCClaims{
|
||||
Sub: "test",
|
||||
Email: "test@test.no",
|
||||
EmailVerified: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "string-bool-true",
|
||||
jsonstr: `
|
||||
{
|
||||
"sub": "test2",
|
||||
"email": "test2@test.no",
|
||||
"email_verified": "true"
|
||||
}
|
||||
`,
|
||||
want: OIDCClaims{
|
||||
Sub: "test2",
|
||||
Email: "test2@test.no",
|
||||
EmailVerified: true,
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "string-bool-false",
|
||||
jsonstr: `
|
||||
{
|
||||
"sub": "test3",
|
||||
"email": "test3@test.no",
|
||||
"email_verified": "false"
|
||||
}
|
||||
`,
|
||||
want: OIDCClaims{
|
||||
Sub: "test3",
|
||||
Email: "test3@test.no",
|
||||
EmailVerified: false,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
var got OIDCClaims
|
||||
if err := json.Unmarshal([]byte(tt.jsonstr), &got); err != nil {
|
||||
t.Errorf("UnmarshallOIDCClaims() error = %v", err)
|
||||
return
|
||||
}
|
||||
if diff := cmp.Diff(got, tt.want); diff != "" {
|
||||
t.Errorf("UnmarshallOIDCClaims() mismatch (-want +got):\n%s", diff)
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue