Merge pull request #3 from brianhlin/INF-748.configurable-name-claim

Add configurable name claim (INF-748)
CHTC · Aug 8, 2023 · bcd48f0 · bcd48f0
2 parents 4a5ddfb + 3e4ce9a
commit bcd48f0
Show file tree

Hide file tree

Showing 9 changed files with 22 additions and 7 deletions.
diff --git a/config_template.json b/config_template.json
@@ -9,6 +9,7 @@
         "token_endpoint": "https://provider.com/token",
         "userinfo_endpoint": "https://provider.com/userinfo",
         "username_attribute": "preferred_username",
+        "name_attribute": "name",
         "local_username_suffix": ""
     },
     "ldap": {

diff --git a/packaging/rpm/Dockerfile b/packaging/rpm/Dockerfile
@@ -16,7 +16,7 @@ RUN groupadd builder \
 USER builder
 
 # This version must be identical to the version in pamoauth2device.spec
-ENV PACKAGE_VERSION=0.1
+ENV PACKAGE_VERSION=0.1.3.chtc
 
 WORKDIR /home/builder
 

diff --git a/packaging/rpm/pamoauth2device.spec b/packaging/rpm/pamoauth2device.spec
@@ -1,5 +1,5 @@
 # pam_oauth2_device version
-%define _version 0.1
+%define _version 0.1.3.chtc
 %define _lib /lib64
 
 
@@ -53,10 +53,16 @@ cp config_template.json ${RPM_BUILD_ROOT}%{_sysconfdir}/pam_oauth2_device/config
 %files
 %doc LICENSE README.md
 %{_lib}/security/pam_oauth2_device.so
-%{_sysconfdir}/pam_oauth2_device/config.json
+%config(noreplace) %{_sysconfdir}/pam_oauth2_device/config.json
 
 
 %changelog
+* Mon Aug 7 2023 Brian Lin <[email protected]> - 0.1.3.chtc
+- Allow the name claim to be configurable (INF-748)
+
+* Mon Aug 2 2021 Brian Bockelman <[email protected]> - 0.1.2.chtc
+- Add support for the device code flow for test.cilogon.org
+
 * Thu Aug 13 2020 Will Furnell <[email protected]> - 0.1
 - Revamped completely for STFC use
 

diff --git a/src/include/config.cpp b/src/include/config.cpp
@@ -19,6 +19,7 @@ void Config::load(const char *path)
     token_endpoint = j.at("oauth").at("token_endpoint").get<std::string>();
     userinfo_endpoint = j.at("oauth").at("userinfo_endpoint").get<std::string>();
     username_attribute = j.at("oauth").at("username_attribute").get<std::string>();
+    name_attribute = j.at("oauth").at("name_attribute").get<std::string>();
     local_username_suffix = j.at("oauth").at("local_username_suffix").get<std::string>();
 
     qr_error_correction_level = (j.find("qr") != j.end()) ?

diff --git a/src/include/config.hpp b/src/include/config.hpp
@@ -16,6 +16,7 @@ class Config
         token_endpoint,
         userinfo_endpoint,
         username_attribute,
+        name_attribute,
         ldap_host,
         ldap_basedn,
         ldap_user,

diff --git a/src/pam_oauth2_device.cpp b/src/pam_oauth2_device.cpp
@@ -303,6 +303,7 @@ void get_userinfo(const Config &config,
                   const char *userinfo_endpoint,
                   const char *token,
                   const char *username_attribute,
+                  const char *name_attribute,
                   Userinfo *userinfo)
 {
     CURL *curl;
@@ -332,7 +333,7 @@ void get_userinfo(const Config &config,
         auto data = json::parse(readBuffer);
         userinfo->sub = data.at("sub");
         userinfo->username = data.at(username_attribute);
-        userinfo->name = data.at("name");
+        userinfo->name = data.at(name_attribute);
         userinfo->groups = data.at("groups").get<std::vector<std::string>>();
     }
     catch (json::exception &e)
@@ -535,8 +536,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, cons
         poll_for_token(config, config.client_id.c_str(), config.client_secret.c_str(),
                        config.token_endpoint.c_str(),
                        device_auth_response.device_code.c_str(), token);
-        get_userinfo(config, config.userinfo_endpoint.c_str(), token.c_str(),
-                     config.username_attribute.c_str(), &userinfo);
+          get_userinfo(config, config.userinfo_endpoint.c_str(), token.c_str(),
+                     config.username_attribute.c_str(), config.name_attribute.c_str(),
+                     &userinfo);
     }
     catch (PamError &e)
     {

diff --git a/src/pam_oauth2_device.hpp b/src/pam_oauth2_device.hpp
@@ -37,6 +37,7 @@ void poll_for_token(const char *client_id,
 void get_userinfo(const char *userinfo_endpoint,
                   const char *token,
                   const char *username_attribute,
+                  const char *name_attribute,
                   Userinfo *userinfo);
 
 #endif // PAM_OAUTH2_DEVICE_HPP
diff --git a/test/data/template_noldap.json b/test/data/template_noldap.json
@@ -8,7 +8,8 @@
         "device_endpoint":"https://provider.com/devicecode", 
         "token_endpoint": "https://provider.com/token",
         "userinfo_endpoint": "https://provider.com/userinfo",
-        "username_attribute": "preferred_username"
+        "username_attribute": "preferred_username",
+        "name_attribute": "name"
     },
     "qr": {
         "error_correction_level": 0

diff --git a/test/test_pam_oauth2_device.cpp b/test/test_pam_oauth2_device.cpp
@@ -5,6 +5,7 @@
 #define TOKEN_ENDPOINT "http://localhost:8042/token"
 #define USERINFO_ENDPOINT "http://localhost:8042/userinfo"
 #define USERNAME_ATTRIBUTE "preferred_username"
+#define NAME_ATTRIBUTE "name"
 #define CLIENT_ID "client_id"
 #define CLIENT_SECRET "NDVmODY1ZDczMGIyMTM1MWFlYWM2NmYw"
 #define SCOPE "openid profile"
@@ -46,6 +47,7 @@ TEST(PamTest, Userinfo)
     get_userinfo(USERINFO_ENDPOINT,
                  ACCESS_TOKEN,
                  USERNAME_ATTRIBUTE,
+                 NAME_ATTRIBUTE,
                  &userinfo);
     EXPECT_EQ(userinfo.sub, "YzQ4YWIzMzJhZjc5OWFkMzgwNmEwM2M5");
     EXPECT_EQ(userinfo.username, "jdoe");