فهرست منبع

bugfix: Crash in OAuth2 userdata, and option to log user data (#631)

James Read 11 ماه پیش
والد
کامیت
2d4a3fc048
2فایلهای تغییر یافته به همراه15 افزوده شده و 3 حذف شده
  1. 1 0
      service/internal/config/config.go
  2. 14 3
      service/internal/httpservers/restapi_auth_oauth2.go

+ 1 - 0
service/internal/config/config.go

@@ -138,6 +138,7 @@ type Config struct {
 	CronSupportForSeconds           bool
 	SectionNavigationStyle          string
 	DefaultPopupOnStart             string
+	InsecureAllowDumpOAuth2UserData bool
 	InsecureAllowDumpVars           bool
 	InsecureAllowDumpSos            bool
 	InsecureAllowDumpActionMap      bool

+ 14 - 3
service/internal/httpservers/restapi_auth_oauth2.go

@@ -250,7 +250,7 @@ func handleOAuthCallback(w http.ResponseWriter, r *http.Request) {
 		Timeout: clientSettings.Timeout,
 	}
 
-	userinfo := getUserInfo(userInfoClient, cfg.AuthOAuth2Providers[registeredState.providerName])
+	userinfo := getUserInfo(cfg, userInfoClient, cfg.AuthOAuth2Providers[registeredState.providerName])
 
 	registeredStates[state].Username = userinfo.Username
 	registeredStates[state].Usergroup = userinfo.Usergroup
@@ -274,7 +274,7 @@ type UserInfo struct {
 }
 
 //gocyclo:ignore
-func getUserInfo(client *http.Client, provider *config.OAuth2Provider) *UserInfo {
+func getUserInfo(cfg *config.Config, client *http.Client, provider *config.OAuth2Provider) *UserInfo {
 	ret := &UserInfo{}
 
 	res, err := client.Get(provider.WhoamiUrl)
@@ -300,6 +300,10 @@ func getUserInfo(client *http.Client, provider *config.OAuth2Provider) *UserInfo
 
 	var userData map[string]any
 
+	if cfg.InsecureAllowDumpOAuth2UserData {
+		log.Debugf("OAuth2 User Data: %v+", string(contents))
+	}
+
 	err = json.Unmarshal([]byte(contents), &userData)
 
 	if err != nil {
@@ -327,7 +331,14 @@ func getDataField(data map[string]any, field string) string {
 		return ""
 	}
 
-	return val.(string)
+	stringVal, ok := val.(string)
+
+	if !ok {
+		log.Errorf("Field %v is not a string: %v", field, val)
+		return ""
+	}
+
+	return stringVal
 }
 
 func parseOAuth2Cookie(r *http.Request) (string, string, string) {