This repository was archived by the owner on Apr 13, 2025. It is now read-only.
forked from oauth2-proxy/oauth2-proxy
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnextcloud.go
80 lines (67 loc) · 2.27 KB
/
nextcloud.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
package providers
import (
"context"
"fmt"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
)
// NextcloudProvider represents an Nextcloud based Identity Provider
type NextcloudProvider struct {
*ProviderData
}
var _ Provider = (*NextcloudProvider)(nil)
const nextCloudProviderName = "Nextcloud"
// NewNextcloudProvider initiates a new NextcloudProvider
func NewNextcloudProvider(p *ProviderData) *NextcloudProvider {
p.ProviderName = nextCloudProviderName
p.getAuthorizationHeaderFunc = makeOIDCHeader
if p.EmailClaim == options.OIDCEmailClaim {
// This implies the email claim has not been overridden, we should set a default
// for this provider
p.EmailClaim = "ocs.data.email"
}
return &NextcloudProvider{ProviderData: p}
}
// EnrichSession uses the Nextcloud userinfo endpoint to populate
// the session's email, user, and groups.
func (p *NextcloudProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
// Fallback to ValidateURL if ProfileURL not set for legacy compatibility
profileURL := p.ValidateURL.String()
if p.ProfileURL.String() != "" {
profileURL = p.ProfileURL.String()
}
json, err := requests.New(profileURL).
WithContext(ctx).
SetHeader("Authorization", "Bearer "+s.AccessToken).
Do().
UnmarshalSimpleJSON()
if err != nil {
logger.Errorf("failed making request %v", err)
return err
}
groups, err := json.GetPath("ocs", "data", "groups").StringArray()
if err == nil {
for _, group := range groups {
if group != "" {
s.Groups = append(s.Groups, group)
}
}
}
user, err := json.GetPath("ocs", "data", "id").String()
if err != nil {
return fmt.Errorf("unable to extract id from userinfo endpoint: %v", err)
}
s.User = user
email, err := json.GetPath("ocs", "data", "email").String()
if err != nil {
return fmt.Errorf("unable to extract email from userinfo endpoint: %v", err)
}
s.Email = email
return nil
}
// ValidateSession validates the AccessToken
func (p *NextcloudProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
}