From d05df2f85e22f71daeefce5d92683c7256b35c7b Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Thu, 11 Nov 2021 11:43:10 +0100
Subject: [PATCH] fix basic auth with custom user claim
---
 changelog/unreleased/fix-basic-auth-with-custom-user-claim | 7 +++++++
 proxy/pkg/command/server.go | 1 +
 proxy/pkg/middleware/authentication.go | 1 +
 proxy/pkg/middleware/basic_auth.go | 1 +
 4 files changed, 10 insertions(+)
 create mode 100644 changelog/unreleased/fix-basic-auth-with-custom-user-claim
diff --git a/changelog/unreleased/fix-basic-auth-with-custom-user-claim b/changelog/unreleased/fix-basic-auth-with-custom-user-claim
new file mode 100644
index 000000000..2729e67e3
--- /dev/null
+++ b/changelog/unreleased/fix-basic-auth-with-custom-user-claim
@@ -0,0 +1,7 @@
+Bugfix: Fix basic auth with custom user claim
+
+We've fixed authentication with basic if oCIS is configured to use a non-standard claim
+as user claim (`PROXY_USER_OIDC_CLAIM`). Prior to this bugfix the authentication always
+failed and is now working.
+
+https://github.com/owncloud/ocis/pull/2755
diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go
index 8b4341103..40ec611a8 100644
--- a/proxy/pkg/command/server.go
+++ b/proxy/pkg/command/server.go
@@ -220,6 +220,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config)
 middleware.EnableBasicAuth(cfg.EnableBasicAuth),
 middleware.UserProvider(userProvider),
 middleware.OIDCIss(cfg.OIDC.Issuer),
+ middleware.UserOIDCClaim(cfg.UserOIDCClaim),
 middleware.CredentialsByUserAgent(cfg.Reva.Middleware.Auth.CredentialsByUserAgent),
 ),
 middleware.SignedURLAuth(
diff --git a/proxy/pkg/middleware/authentication.go b/proxy/pkg/middleware/authentication.go
index 2e0f0f5dc..79a6746f4 100644
--- a/proxy/pkg/middleware/authentication.go
+++ b/proxy/pkg/middleware/authentication.go
@@ -126,6 +126,7 @@ func newBasicAuth(options Options) func(http.Handler) http.Handler {
 EnableBasicAuth(options.EnableBasicAuth),
 AccountsClient(options.AccountsClient),
 OIDCIss(options.OIDCIss),
+ UserOIDCClaim(options.UserOIDCClaim),
 CredentialsByUserAgent(options.CredentialsByUserAgent),
 )
 }
diff --git a/proxy/pkg/middleware/basic_auth.go b/proxy/pkg/middleware/basic_auth.go
index b778c092c..14e4ef59d 100644
--- a/proxy/pkg/middleware/basic_auth.go
+++ b/proxy/pkg/middleware/basic_auth.go
@@ -85,6 +85,7 @@ func BasicAuth(optionSetters ...Option) func(next http.Handler) http.Handler {
 // fake oidc claims
 claims := map[string]interface{}{
 oidc.OwncloudUUID: user.Id.OpaqueId,
+ options.UserOIDCClaim: user.Id.OpaqueId,
 oidc.Iss: user.Id.Idp,
 oidc.PreferredUsername: user.Username,
 oidc.Email: user.Mail,
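Review bot: `newBasicAuth` forwards each field of `options` to the basic-auth middleware by hand, so any field missing from this list presumably reaches that middleware as its zero value; the commit description suggests that is what made basic auth fail with a custom claim. The patch touches four files and none of them is a test, so I would add a middleware test that sets a non-default `UserOIDCClaim`, authenticates with basic credentials, and asserts the claim is visible to the next handler. A short comment above the list, for example `// keep in sync with the options the basic-auth middleware reads`, would make the coupling explicit. The opening of the call these arguments belong to is outside the hunk.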
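Review bot: The added entry `options.UserOIDCClaim: user.Id.OpaqueId` puts a runtime string key into a literal whose other keys are constants, and it always stores the opaque user ID whatever the configured claim is meant to carry. If the option is empty the map gains a `""` key, and if it equals another key in the literal (`oidc.Iss`, `oidc.PreferredUsername`, `oidc.Email`) the two entries collide and only one value survives, with no signal. These claims presumably decide which account the request is bound to further down the chain (that code is not in this diff), so I would set the key after the literal, and only when it is non-empty and not already present: `if c := options.UserOIDCClaim; c != "" { if _, ok := claims[c]; !ok { claims[c] = user.Id.OpaqueId } }`. It is also worth confirming that whatever reads this claim expects a user ID rather than a username or mail value. The enclosing handler and the end of the literal lie outside the hunk.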