Make username_claim callable in CILogon
Companion to #717

Fixes #712
yuvipanda committed Jan 18, 2024
1 parent 1fee785 commit 2b5e897
Showing 3 changed files with 30 additions and 3 deletions.
6 changes: 5 additions & 1 deletion oauthenticator/cilogon.py
@@ -363,7 +363,11 @@ def _user_info_to_unprocessed_username(self, user_info):
username_derivation = self.allowed_idps[user_idp]["username_derivation"]
username_claim = username_derivation["username_claim"]

username = user_info.get(username_claim)
if callable(username_claim):
username = username_claim(user_info)
else:
username = user_info.get(self.username_claim, None)

if not username:
message = f"Configured username_claim {username_claim} for {user_idp} was not found in the response {user_info.keys()}"
self.log.error(message)
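Review bot: The `else` branch reads `self.username_claim` rather than the per-IdP `username_claim` taken from `username_derivation` a few lines earlier, so a string claim configured for an IdP appears to be ignored in favour of an authenticator-wide attribute that this hunk does not define. Username derivation is what binds an external identity to a Hub account, so reading a different claim than the one the admin configured can map logins to unintended usernames, and the error message below would then name a claim that was never looked up. Restore the local variable: `username = user_info.get(username_claim)`. A comment above the `if` such as `# username_claim is either a claim name or a callable taking user_info` would also document the new contract. The method starts and ends outside this hunk.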
4 changes: 2 additions & 2 deletions oauthenticator/schemas/cilogon-schema.yaml
@@ -23,8 +23,8 @@ properties:
required:
- username_claim
properties:
username_claim:
type: string
# FIXME: This needs to take a string or a callable
username_claim: {}
action:
type: string
enum:
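Review bot: `username_claim: {}` is the empty schema, so any value (number, list, mapping, null) now passes validation for this field; only its presence is still enforced by `required`. Because this claim decides which username an authenticated identity receives, a mistyped value should be rejected at configuration time rather than surfacing at first login. Until the FIXME is resolved, consider a check in whatever Python code validates `allowed_idps` alongside this schema (not visible here), along the lines of `isinstance(claim, str) or callable(claim)`.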
23 changes: 23 additions & 0 deletions oauthenticator/tests/test_cilogon.py
@@ -100,6 +100,29 @@ async def test_cilogon(
else:
assert auth_model == None

async def test_username_claim_callable(
cilogon_client,
):
c = Config()
c.CILogonOAuthenticator = Config()

c.CILogonOAuthenticator.allowed_idps = {
"https://some-idp.com/login/oauth/authorize": {
"username_derivation": {
"username_claim": lambda user_info: f"prefixed-{user_info['username']}",
},
},
}


authenticator = CILogonOAuthenticator(config=c)

handled_user_model = user_model("user1", "username")
handler = cilogon_client.handler_for_user(handled_user_model)
auth_model = await authenticator.get_authenticated_user(handler, None)

assert auth_model["name"] == f"prefixed-user1"


@mark.parametrize(
"test_variation_id,idp_config,class_config,test_user_name,expect_allowed,expect_admin",
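Review bot: `test_username_claim_callable` pins only the happy path of a callable claim; nothing here covers a callable that returns an empty value, or a plain string claim that differs from any authenticator-level default, which are the cases where username derivation can go wrong. Add a case whose callable returns `None` and assert the login is rejected (the handling after `if not username:` continues outside the cilogon.py hunk, so confirm the expected error there), plus a case with a per-IdP string `username_claim`. Minor style: `f"prefixed-user1"` has no placeholder and can be a plain string, and the new function should be separated from its neighbours by two blank lines.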