Pass all claim parameters to the userid_verify_sql

qwc-services · Sep 26, 2024 · 721bcf7 · 721bcf7
1 parent 78b8d0a
commit 721bcf7
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 6 deletions.
diff --git a/schemas/sogis-mysoch-auth.json b/schemas/sogis-mysoch-auth.json
@@ -64,7 +64,7 @@
           }
         },
         "userid_verify_sql": {
-          "description": "Query which verifies whether the userid exist. Must contain the :id placeholder",
+          "description": "Query which verifies whether the userid exist. Can reference claim parameters in placeholders, with dashes replaced by _ (i.e. :x_igov_login_email ), and :id as the user id.",
           "type": "string"
         },
         "autoregistration_allowed_query": {

diff --git a/src/server.py b/src/server.py
@@ -165,28 +165,28 @@ def login():
     app.logger.debug("userid: %s, displayname: %s" % (userid, displayname))
 
     user_exists = False
+    query_params = dict([(key.replace("-", "_"), claims[key]) for key in claims])
+    query_params["id"] = userid
     with db.connect() as connection:
 
         sql = sql_text(config.get("userid_verify_sql", "SELECT"))
-        result = connection.execute(sql, {"id": userid}).first()
+        result = connection.execute(sql, query_params).first()
         user_exists = result is not None
 
     # Check if user can be automatically registered
     if not user_exists:
-        claim_params = dict([(key.replace("-", "_"), claims[key]) for key in claims])
-        claim_params["id"] = userid
         registration_allowed = False
         with db.connect() as connection:
             sql = sql_text(config.get("autoregistration_allowed_query", "SELECT FALSE"))
-            result = connection.execute(sql, claim_params).first()
+            result = connection.execute(sql, query_params).first()
             registration_allowed = result and result[0] == True
         app.logger.debug("userid %s verification failed, autoregistration allowed: %d" % (userid, registration_allowed))
 
         if registration_allowed:
             with db.connect() as connection:
                 sql = sql_text(config.get("autoregistration_query", "SELECT"))
                 try:
-                    connection.execute(sql, claim_params)
+                    connection.execute(sql, query_params)
                     connection.commit()
                     user_exists = True
                     app.logger.debug("autoregistration succeeded")