Prevent empty username when using the OIDC integration
parent
36f013670e
commit
ab0c4ec0f5
2 changed files with 16 additions and 5 deletions
|
@ -49,20 +49,20 @@ func (g *googleProvider) GetProfile(ctx context.Context, code, codeVerifier stri
|
||||||
conf := g.GetConfig()
|
conf := g.GetConfig()
|
||||||
token, err := conf.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", codeVerifier))
|
token, err := conf.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", codeVerifier))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("google: failed to exchange token: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
client := conf.Client(ctx, token)
|
client := conf.Client(ctx, token)
|
||||||
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
|
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf("google: failed to get user info: %w", err)
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
var user googleProfile
|
var user googleProfile
|
||||||
decoder := json.NewDecoder(resp.Body)
|
decoder := json.NewDecoder(resp.Body)
|
||||||
if err := decoder.Decode(&user); err != nil {
|
if err := decoder.Decode(&user); err != nil {
|
||||||
return nil, fmt.Errorf("oauth2: unable to unserialize google profile: %v", err)
|
return nil, fmt.Errorf("google: unable to unserialize Google profile: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
profile := &Profile{Key: g.GetUserExtraKey(), ID: user.Sub, Username: user.Email}
|
profile := &Profile{Key: g.GetUserExtraKey(), ID: user.Sub, Username: user.Email}
|
||||||
|
|
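Review bot: The userinfo response is decoded without looking at `resp.StatusCode`, and `profile := &Profile{..., ID: user.Sub, Username: user.Email}` takes both fields unchecked, so the empty-username guard this commit adds for OIDC has no counterpart in the Google provider. A non-2xx reply whose body is still valid JSON would likely decode into a zero-value `googleProfile` and produce a profile with an empty ID and Username. Consider `if resp.StatusCode != http.StatusOK { return nil, fmt.Errorf("google: unexpected userinfo status: %d", resp.StatusCode) }` right after the deferred close, and rejecting an empty `user.Sub` or `user.Email` before the profile is built. The rest of GetProfile lies outside this hunk, so a later check may already exist there.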
|
@ -5,6 +5,8 @@ package oauth2 // import "miniflux.app/v2/internal/oauth2"
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
|
||||||
"miniflux.app/v2/internal/model"
|
"miniflux.app/v2/internal/model"
|
||||||
|
|
||||||
|
@ -12,6 +14,10 @@ import (
|
||||||
"golang.org/x/oauth2"
|
"golang.org/x/oauth2"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
ErrEmptyUsername = errors.New("oidc: username is empty")
|
||||||
|
)
|
||||||
|
|
||||||
type oidcProvider struct {
|
type oidcProvider struct {
|
||||||
clientID string
|
clientID string
|
||||||
clientSecret string
|
clientSecret string
|
||||||
|
@ -46,15 +52,20 @@ func (o *oidcProvider) GetProfile(ctx context.Context, code, codeVerifier string
|
||||||
conf := o.GetConfig()
|
conf := o.GetConfig()
|
||||||
token, err := conf.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", codeVerifier))
|
token, err := conf.Exchange(ctx, code, oauth2.SetAuthURLParam("code_verifier", codeVerifier))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf(`oidc: failed to exchange token: %w`, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
userInfo, err := o.provider.UserInfo(ctx, oauth2.StaticTokenSource(token))
|
userInfo, err := o.provider.UserInfo(ctx, oauth2.StaticTokenSource(token))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, fmt.Errorf(`oidc: failed to get user info: %w`, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
profile := &Profile{Key: o.GetUserExtraKey(), ID: userInfo.Subject, Username: userInfo.Email}
|
profile := &Profile{Key: o.GetUserExtraKey(), ID: userInfo.Subject, Username: userInfo.Email}
|
||||||
|
|
||||||
|
if profile.Username == "" {
|
||||||
|
return nil, ErrEmptyUsername
|
||||||
|
}
|
||||||
|
|
||||||
return profile, nil
|
return profile, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
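Review bot: The new guard `if profile.Username == ""` in GetProfile covers only the email claim, while `userInfo.Subject` goes into `ID` unchecked and a whitespace-only email still passes the exact comparison. Since `ID` looks like the value that ties the external identity to a local account, an empty subject deserves the same rejection, for example `if profile.ID == "" || strings.TrimSpace(profile.Username) == "" { ... }` with a matching sentinel for the subject case. If the `userInfo` value also exposes whether the provider verified the address, it is worth deciding here whether an unverified email may become the username. `ErrEmptyUsername` is exported but has no doc comment. Something like `// ErrEmptyUsername is returned by GetProfile when the provider supplies no email to use as username.` would tell callers when to expect it.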