|
|
@@ -250,7 +250,7 @@ func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
|
|
|
Timeout: clientSettings.Timeout,
|
|
|
}
|
|
|
|
|
|
- userinfo := getUserInfo(userInfoClient, cfg.AuthOAuth2Providers[registeredState.providerName])
|
|
|
+ userinfo := getUserInfo(cfg, userInfoClient, cfg.AuthOAuth2Providers[registeredState.providerName])
|
|
|
|
|
|
registeredStates[state].Username = userinfo.Username
|
|
|
registeredStates[state].Usergroup = userinfo.Usergroup
|
|
|
@@ -274,7 +274,7 @@ type UserInfo struct {
|
|
|
}
|
|
|
|
|
|
//gocyclo:ignore
|
|
|
-func getUserInfo(client *http.Client, provider *config.OAuth2Provider) *UserInfo {
|
|
|
+func getUserInfo(cfg *config.Config, client *http.Client, provider *config.OAuth2Provider) *UserInfo {
|
|
|
ret := &UserInfo{}
|
|
|
|
|
|
res, err := client.Get(provider.WhoamiUrl)
|
|
|
@@ -300,6 +300,10 @@ func getUserInfo(client *http.Client, provider *config.OAuth2Provider) *UserInfo
|
|
|
|
|
|
var userData map[string]any
|
|
|
|
|
|
+ if cfg.InsecureAllowDumpOAuth2UserData {
|
|
|
+ log.Debugf("OAuth2 User Data: %v+", string(contents))
|
|
|
+ }
|
|
|
+
|
|
|
err = json.Unmarshal([]byte(contents), &userData)
|
|
|
|
|
|
if err != nil {
|
|
|
@@ -327,7 +331,14 @@ func getDataField(data map[string]any, field string) string {
|
|
|
return ""
|
|
|
}
|
|
|
|
|
|
- return val.(string)
|
|
|
+ stringVal, ok := val.(string)
|
|
|
+
|
|
|
+ if !ok {
|
|
|
+ log.Errorf("Field %v is not a string: %v", field, val)
|
|
|
+ return ""
|
|
|
+ }
|
|
|
+
|
|
|
+ return stringVal
|
|
|
}
|
|
|
|
|
|
func parseOAuth2Cookie(r *http.Request) (string, string, string) {
|