IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

only use jwt token if it contains an email address

Browse Source
This commit is contained in:
Dan Cech 2018-03-06 14:21:36 -05:00
parent 7ba9e2e608
commit 9d005c50a2
No known key found for this signature in database
GPG Key ID: 6F1146C5B66FBD41
1 changed files with 29 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
pkg/social/generic_oauth.go
View File

@ -180,6 +180,7 @@ type UserInfoJson struct {
func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) { func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token) (*BasicUserInfo, error) {
var data UserInfoJson var data UserInfoJson
var err error
if s.extractToken(&data, token) != true { if s.extractToken(&data, token) != true {
response, err := HttpGet(client, s.apiUrl) response, err := HttpGet(client, s.apiUrl)
@ -193,20 +194,17 @@ func (s *SocialGenericOAuth) UserInfo(client *http.Client, token *oauth2.Token)
} }
} }
name, err := s.extractName(data) name := s.extractName(&data)
if err != nil {
return nil, err email := s.extractEmail(&data)
if email == "" {
email, err = s.FetchPrivateEmail(client)
if err != nil {
return nil, err
}
} }
email, err := s.extractEmail(data, client) login := s.extractLogin(&data, email)
if err != nil {
return nil, err
}
login, err := s.extractLogin(data, email)
if err != nil {
return nil, err
}
userInfo := &BasicUserInfo{ userInfo := &BasicUserInfo{
Name: name, Name: name,
@ -251,49 +249,55 @@ func (s *SocialGenericOAuth) extractToken(data *UserInfoJson, token *oauth2.Toke
return false return false
} }
email := s.extractEmail(data)
if email == "" {
s.log.Debug("No email found in id_token", "json", string(payload), "data", data)
return false
}
s.log.Debug("Received id_token", "json", string(payload), "data", data) s.log.Debug("Received id_token", "json", string(payload), "data", data)
return true return true
} }
func (s *SocialGenericOAuth) extractEmail(data UserInfoJson, client *http.Client) (string, error) { func (s *SocialGenericOAuth) extractEmail(data *UserInfoJson) string {
if data.Email != "" { if data.Email != "" {
return data.Email, nil return data.Email
} }
if data.Attributes["email:primary"] != nil { if data.Attributes["email:primary"] != nil {
return data.Attributes["email:primary"][0], nil return data.Attributes["email:primary"][0]
} }
if data.Upn != "" { if data.Upn != "" {
emailAddr, emailErr := mail.ParseAddress(data.Upn) emailAddr, emailErr := mail.ParseAddress(data.Upn)
if emailErr == nil { if emailErr == nil {
return emailAddr.Address, nil return emailAddr.Address
} }
} }
return s.FetchPrivateEmail(client) return ""
} }
func (s *SocialGenericOAuth) extractLogin(data UserInfoJson, email string) (string, error) { func (s *SocialGenericOAuth) extractLogin(data *UserInfoJson, email string) string {
if data.Login != "" { if data.Login != "" {
return data.Login, nil return data.Login
} }
if data.Username != "" { if data.Username != "" {
return data.Username, nil return data.Username
} }
return email, nil return email
} }
func (s *SocialGenericOAuth) extractName(data UserInfoJson) (string, error) { func (s *SocialGenericOAuth) extractName(data *UserInfoJson) string {
if data.Name != "" { if data.Name != "" {
return data.Name, nil return data.Name
} }
if data.DisplayName != "" { if data.DisplayName != "" {
return data.DisplayName, nil return data.DisplayName
} }
return "", nil return ""
} }