We now use the graph user's identities property to store the subject and issuer claims
when autoprovisioning a user. The attrbute is not really used anywhere yet, but will
allow us to detect renames and other changes in the future.
Closes: #8956
When auto-provisioning user accounts we used a fixed mapping for claims
for the userinfo response to user attributes. This change introduces
configuration options to defined which claims should be user for the
username, display name and email address of the auto-provisioned
accounts.
This also removes the automatic fallback to use the 'mail' claim as the
username when the 'preferred_username' claim does not exist.
Fixes: #8635
* feat: add CSP and other security related headers in the oCIS proxy service
* fix: consolidate security related headers - drop middleware.Secure
* fix: use github.com/DeepDiver1975/secure
* fix: acceptance tests
* feat: support env var replacements in csp.yaml
* Fix mockery setup for graph service
Add missing interfaces to .mockery.yaml. Use existing mocks from protogen
where possible. Remove remaining //go:generate call.
* Add mockery config for settings service
* Add mockery config for proxy service
* bump mockery, add test stub for oidc_auth.go
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use .mockery.yaml for all mocks
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* drop legacy go:generate mockery
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* align mock placement
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* extract and test role claim parsing
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add failing test
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* read segmented roles claim as array and string
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* reuse more code by extracting WalkSegments
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add TestSplitWithEscaping
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* docs and error for unhandled case
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add claims test
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add missing ReadStringClaim docs
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* enhancement: add graph beta listPermissions endpoint
besides the new api endpoint it includes several utilities to simplify the graph api development.
* resolve drive and item id from the request path
* generic pointer and value utilities
* space root detection
* update GetDriveAndItemIDParam signature to return a error
* move errorcode package
* enhancement: add generic error code handling
* fix: rebase
