

Ensure OAUTH_ADDITIONAL_CLAIMS works properly when profile contains s…
…ingle value for additional claim.pgadmin-org#6835
yogeshmahajan-1903 committed Oct 27, 2023
1 parent 5a75836 commit 9022c89
Showing 1 changed file with 22 additions and 20 deletions.
42 changes: 22 additions & 20 deletions web/pgadmin/authenticate/oauth2.py
@@ -151,15 +151,12 @@ def login(self, form):
current_app.logger.exception(error_msg)
return False, gettext(error_msg)

additinal_claims = None
if 'OAUTH2_ADDITIONAL_CLAIMS' in self.oauth2_config[
self.oauth2_current_client]:
additinal_claims = self.oauth2_config[
self.oauth2_current_client
]['OAUTH2_ADDITIONAL_CLAIMS']
current_oauth2_config = self.oauth2_config[self.oauth2_current_client]
additional_claims = current_oauth2_config['OAUTH2_ADDITIONAL_CLAIMS'] \
if 'OAUTH2_ADDITIONAL_CLAIMS' in current_oauth2_config else None

(valid, reason) = self.__is_additional_claims_valid(profile,
additinal_claims)
valid, reason = self.__is_additional_claims_valid(profile,
additional_claims)

if not valid:
return_msg = "The user is not authorized to login" \
@@ -225,23 +222,28 @@ def __auto_create_user(self, username, email):

return True, {'username': username}

def __is_additional_claims_valid(self, profile, additional_claims):
@staticmethod
def __is_additional_claims_valid(profile, additional_claims):
valid = True
reason = "Claim match found. Authorizing"

if additional_claims is None:
reason = "Additional claim config is None, no check to do."
return (True, reason)
if not isinstance(additional_claims, dict):
reason = "Additional claim check config is not a dict."
return (False, reason)
if additional_claims.keys() is None:
reason = "Additional claim check config dict is empty."
return (False, reason)
return valid, reason
elif not isinstance(additional_claims, dict) or \
not bool(additional_claims):
reason = "Additional claim config is not a dict or a empty dict"
valid = False
return valid, reason
for key in additional_claims.keys():
claim = profile.get(key)
if claim is None:
continue
authorized_claims = additional_claims.get(key)
if isinstance(claim, str) and claim in authorized_claims:
return True, reason
if any(item in authorized_claims for item in claim):
reason = "Claim match found. Authorizing"
return (True, reason)
reason = f"Profile does not have any of given additional claims."
return (False, reason)
return True, reason
valid = False
reason = "Profile does not have any of given additional claims."
return valid, reason
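Review bot: A string-valued profile claim that fails the `isinstance(claim, str) and claim in authorized_claims` test still falls through to `any(item in authorized_claims for item in claim)`, which iterates the string character by character; if the configured value is itself a string that becomes a single-character substring test (a constructed claim `"xa"` would be accepted against a configured `"admin"`), and if it is a list it can only ever match single-character entries, so neither outcome is what the check intends. The `in` on the string branch is also a substring test whenever `authorized_claims` is a string rather than a list — whether the config permits a bare string is not visible in this hunk, so it is worth pinning down. Normalising both sides to lists and comparing whole values closes both paths; a claim that is neither a string nor iterable (an int or bool) would still raise `TypeError` in the `any(...)` and may deserve an explicit `continue`. Minor: the `elif` following a `return` can be a plain `if`, and `"a empty dict"` reads as `"an empty dict"`. In the first hunk, `additional_claims = current_oauth2_config.get('OAUTH2_ADDITIONAL_CLAIMS')` expresses the same conditional lookup in one line.
```python
    # … unchanged: None / non-dict / empty-dict guards …
    for key in additional_claims:
        # … unchanged: claim = profile.get(key); skip when None …
        authorized_claims = additional_claims.get(key)
        # Compare whole values only: a str on either side is wrapped in a
        # list so `in` never degrades to a substring or per-character test.
        allowed = [authorized_claims] if isinstance(authorized_claims, str) \
            else authorized_claims
        present = [claim] if isinstance(claim, str) else claim
        if any(item in allowed for item in present):
            return True, reason
    # … unchanged: no-match return …
```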

