ba30cd6bb2
CAS nested attributes produce a key called "attributes", which is disliked by Grafana, because it expects any key called attributes to be a map<string, list<string>>, whereas CAS just produces a map<string, string>. As part of setting up Grafana SSO we need therefore to fix Gerrit so it can adapt to the new syntax that we're adopting. Change-Id: Ia79dae78c0eae6e21135a06cd5850606f82bcdb8 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2981 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
index 450549f..27310cd 100644
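--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasApi.java
@@ -15,7 +15,7 @@
 package com.googlesource.gerrit.plugins.oauth;
 
 import com.github.scribejava.core.builder.api.DefaultApi20;
-import com.github.scribejava.core.extractors.OAuth2AccessTokenExtractor;
+import com.github.scribejava.core.extractors.OAuth2AccessTokenJsonExtractor;
 import com.github.scribejava.core.extractors.TokenExtractor;
 import com.github.scribejava.core.model.OAuth2AccessToken;
 import com.github.scribejava.core.oauth2.bearersignature.BearerSignature;
@@ -47,6 +47,6 @@ public class CasApi extends DefaultApi20 {
 
 @Override
 public TokenExtractor<OAuth2AccessToken> getAccessTokenExtractor() {
- return OAuth2AccessTokenExtractor.instance();
+ return OAuth2AccessTokenJsonExtractor.instance();
 }
 }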
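Review bot: The switch to `OAuth2AccessTokenJsonExtractor.instance()` in `getAccessTokenExtractor()` changes how every CAS token response is parsed, yet neither the commit message nor the code explains it. After this change the plugin presumably accepts only a JSON token response, so a CAS server that still answers in the form-encoded format would break at login time rather than being caught at configuration time. I would add a comment above the return, for example `// Token endpoint must answer with JSON; form-encoded token responses are no longer parsed.`, and state the requirement in the commit description.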
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
index 5f3e4a1..fc5bc50 100644
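--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/CasOAuthService.java
@@ -106,36 +106,14 @@ class CasOAuthService implements OAuthServiceProvider {
 throw new IOException(String.format("CAS response missing id: %s", response.getBody()));
 }
 
- JsonElement attrListJson = jsonObject.get("attributes");
- if (attrListJson == null) {
- throw new IOException(
- String.format("CAS response missing attributes: %s", response.getBody()));
- }
-
 String email = null, name = null, login = null;
- if (attrListJson.isJsonArray()) {
- // It is possible for CAS to be configured to not return any attributes (email, name,
- // login),
- // in which case,
- // CAS returns an empty JSON object "attributes":{}, rather than "null" or an empty JSON
- // array
- // "attributes": []
-
- JsonArray attrJson = attrListJson.getAsJsonArray();
- for (JsonElement elem : attrJson) {
- if (elem == null || !elem.isJsonObject()) {
- throw new IOException(String.format("Invalid JSON '%s': not a JSON Object", elem));
- }
- JsonObject obj = elem.getAsJsonObject();
-
- String property = getStringElement(obj, "email");
- if (property != null) email = property;
- property = getStringElement(obj, "name");
- if (property != null) name = property;
- property = getStringElement(obj, "login");
- if (property != null) login = property;
- }
- }
+
+ String property = getStringElement(jsonObject, "mail");
+ if (property != null) email = property;
+ property = getStringElement(jsonObject, "displayName");
+ if (property != null) name = property;
+ property = getStringElement(jsonObject, "uid");
+ if (property != null) login = property;
 
 return new OAuthUserInfo(
 CAS_PROVIDER_PREFIX + id.getAsString(),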
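Review bot: A profile response that lacks `mail`, `displayName` or `uid` is now accepted silently: the old code threw `IOException` when `attributes` was absent, while the new lookups leave `email`, `name` and `login` as `null` and hand them to `new OAuthUserInfo(...)`. That includes a CAS server still emitting the nested format, which would sign users in with no username or e-mail instead of failing visibly. If a login name is required for this deployment, fail closed right after the lookups, e.g. `if (login == null) throw new IOException("CAS response missing uid");`, keeping the response body out of the message because it carries user attributes. It would also help to confirm how `getStringElement` (defined outside this hunk) treats a multi-valued attribute returned as a JSON array. The enclosing method starts and ends outside the hunk.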