OIDC: add support for custom fields

These fields can be used in the pre-login hook to implement custom logics Fixes #787 Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 14:50:55 +03:00 · 2022-04-12 19:31:25 +02:00
parent 87d7854453
commit cacfffc5bf
15 changed files with 150 additions and 67 deletions
--- a/httpd/oidc_test.go
+++ b/httpd/oidc_test.go
@@ -878,7 +878,6 @@ func TestOIDCPreLoginHook(t *testing.T) {
 	u := dataprovider.User{
 		BaseUser: sdk.BaseUser{
 			Username: username,
-			Password: "unused",
 			HomeDir:  filepath.Join(os.TempDir(), username),
 			Status:   1,
 			Permissions: map[string][]string{
@@ -897,6 +896,7 @@ func TestOIDCPreLoginHook(t *testing.T) {
 	err = dataprovider.Initialize(newProviderConf, "..", true)
 	assert.NoError(t, err)
 	server := getTestOIDCServer()
+	server.binding.OIDC.CustomFields = []string{"field1", "field2"}
 	err = server.binding.OIDC.initialize()
 	assert.NoError(t, err)
 	server.initializeRouter()
@@ -949,7 +949,7 @@ func TestOIDCPreLoginHook(t *testing.T) {
 		Nonce:  authReq.Nonce,
 		Expiry: time.Now().Add(5 * time.Minute),
 	}
-	setIDTokenClaims(idToken, []byte(`{"preferred_username":"`+username+`"}`))
+	setIDTokenClaims(idToken, []byte(`{"preferred_username":"`+username+`","field1":"value1","field2":"value2","field3":"value3"}`))
 	server.binding.OIDC.verifier = &mockOIDCVerifier{
 		err:   nil,
 		token: idToken,
@@ -989,6 +989,7 @@ func getTestOIDCServer() *httpdServer {
 				RedirectBaseURL: "http://127.0.0.1:8081/",
 				UsernameField:   "preferred_username",
 				RoleField:       "sftpgo_role",
+				CustomFields:    nil,
 			},
 		},
 		enableWebAdmin:  true,