This PR adds the `preferred_username` claim as a possible username source for the oauth2_client. Closes #21518 tags/v1.22.0-rc1
;; The source of the username for new oauth2 accounts: | ;; The source of the username for new oauth2 accounts: | ||||
;; userid = use the userid / sub attribute | ;; userid = use the userid / sub attribute | ||||
;; nickname = use the nickname attribute | ;; nickname = use the nickname attribute | ||||
;; preferred_username = use the preferred_username attribute | |||||
;; email = use the username part of the email attribute | ;; email = use the username part of the email attribute | ||||
;; Note: `nickname` and `email` options will normalize input strings using the following criteria: | |||||
;; Note: `nickname`, `preferred_username` and `email` options will normalize input strings using the following criteria: | |||||
;; - diacritics are removed | ;; - diacritics are removed | ||||
;; - the characters in the set `['´\x60]` are removed | ;; - the characters in the set `['´\x60]` are removed | ||||
;; - the characters in the set `[\s~+]` are replaced with `-` | ;; - the characters in the set `[\s~+]` are replaced with `-` |
- `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users. | - `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users. | ||||
- `USERNAME`: **nickname**: The source of the username for new oauth2 accounts: | - `USERNAME`: **nickname**: The source of the username for new oauth2 accounts: | ||||
- `userid` - use the userid / sub attribute | - `userid` - use the userid / sub attribute | ||||
- `nickname` - use the nickname attribute | |||||
- `nickname` - use the nickname | |||||
- `preferred_username` - use the preferred_username | |||||
- `email` - use the username part of the email attribute | - `email` - use the username part of the email attribute | ||||
- Note: `nickname` and `email` options will normalize input strings using the following criteria: | |||||
- Note: `nickname`, `preferred_username` and `email` options will normalize input strings using the following criteria: | |||||
- diacritics are removed | - diacritics are removed | ||||
- the characters in the set `['´\x60]` are removed | - the characters in the set `['´\x60]` are removed | ||||
- the characters in the set `[\s~+]` are replaced with `-` | - the characters in the set `[\s~+]` are replaced with `-` |
OAuth2UsernameNickname OAuth2UsernameType = "nickname" | OAuth2UsernameNickname OAuth2UsernameType = "nickname" | ||||
// OAuth2UsernameEmail username of oauth2 email field will be used as gitea name | // OAuth2UsernameEmail username of oauth2 email field will be used as gitea name | ||||
OAuth2UsernameEmail OAuth2UsernameType = "email" | OAuth2UsernameEmail OAuth2UsernameType = "email" | ||||
// OAuth2UsernameEmail username of oauth2 preferred_username field will be used as gitea name | |||||
OAuth2UsernamePreferredUsername OAuth2UsernameType = "preferred_username" | |||||
) | ) | ||||
func (username OAuth2UsernameType) isValid() bool { | func (username OAuth2UsernameType) isValid() bool { | ||||
switch username { | switch username { | ||||
case OAuth2UsernameUserid, OAuth2UsernameNickname, OAuth2UsernameEmail: | |||||
case OAuth2UsernameUserid, OAuth2UsernameNickname, OAuth2UsernameEmail, OAuth2UsernamePreferredUsername: | |||||
return true | return true | ||||
} | } | ||||
return false | return false |
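Review bot: The doc comment added above the new constant still names OAuth2UsernameEmail, so godoc attaches a sentence about the wrong identifier to OAuth2UsernamePreferredUsername; it should read `// OAuth2UsernamePreferredUsername username of oauth2 preferred_username field will be used as gitea name`. The const block this hunk extends opens outside the hunk.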
switch setting.OAuth2Client.Username { | switch setting.OAuth2Client.Username { | ||||
case setting.OAuth2UsernameEmail: | case setting.OAuth2UsernameEmail: | ||||
return user_model.NormalizeUserName(strings.Split(gothUser.Email, "@")[0]) | return user_model.NormalizeUserName(strings.Split(gothUser.Email, "@")[0]) | ||||
case setting.OAuth2UsernamePreferredUsername: | |||||
preferredUsername, exists := gothUser.RawData["preferred_username"] | |||||
if exists { | |||||
return user_model.NormalizeUserName(preferredUsername.(string)) | |||||
} else { | |||||
return "", fmt.Errorf("preferred_username is missing in received user data but configured as username source for user_id %q. Check if OPENID_CONNECT_SCOPES contains profile", gothUser.UserID) | |||||
} | |||||
case setting.OAuth2UsernameNickname: | case setting.OAuth2UsernameNickname: | ||||
return user_model.NormalizeUserName(gothUser.NickName) | return user_model.NormalizeUserName(gothUser.NickName) | ||||
default: // OAuth2UsernameUserid | default: // OAuth2UsernameUserid |
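Review bot: The type assertion `preferredUsername.(string)` in the new preferred_username case is unchecked, so a provider that sends the claim as a non-string value (or JSON null) panics the login handler instead of returning an error, and an empty-string claim passes the exists check and is handed straight to NormalizeUserName. Doing the lookup and the assertion in one comma-ok step covers both: `preferredUsername, ok := gothUser.RawData["preferred_username"].(string)` followed by `if !ok || preferredUsername == "" {` returning the existing error, with the NormalizeUserName return placed after the if so the `else` branch disappears. The error text could additionally say the claim may be present but not a string, though the current wording is usable as is. The enclosing function's signature and the body of the default case lie outside the hunk, so the `(string, error)` return is inferred from the added error line.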