[NEW] Feature/custom oauth mail field and interpolation for mapped fields #15690
Conversation
benkroeger
changed the title
|
@rodrigok @engelgabriel can someone pls re-trigger the test-with-oplog-mongo-4-0? I didn't change anything related in the last commit (previous commit ran tests successfully). Suspecting a hick-up in circle-ci here. thanks! |
|
Is there any updates with this? |
|
Updates? |
|
@sampaiodiego since this one is similar to #15743, can you take a look? |
|
Updates? |
|
nothing? in a month? is anything missing? |
|
Maybe you should @ them? |
|
"them" whom? mentioned a few of the frequent contributors already
|
|
@tammer123 so you are a team member (now)? |
|
@sampaiodiego since you authored the PR for the latest release, I assume you're pretty active in the development team. I've been trying to drag some attention to this PR for quite a while now. Can you maybe give a hint on what action I'm missing - or even help me get this thing processed? Any comment is highly appreciated |
because mongo does not allow '.' in field names
this allows to mix and match fragments of existing fields (identity response from provider) into new values (e.g. pick the leading part of email and use as username: `{{/^(.+)@/::email}}`)
throwing would be breaking change (though consistent with all other custom field mappings)
…auth-mail-field * upstream/develop: [NEW] Engagement Dashboard (#16960)
|
@rodrigok unit tests added - for simplicity in testing, I outsourced the newly added methods into a separate file. this also reduces the risk of code conflicts in the main file |
|
@benkroeger great, thanks, I'll review it again soon |
|
@benkroeger I tried this config: With this value returning on And got this result: The email is correct but the name and username are wrong |
* develop: (36 commits) Group DM improvements [NEW] Sort channel directory listing by latest message (#16604) [FIX] Wrong message count statistics in Admin info page (#16680) Fix: 2FA DDP method not getting code on API call that doesn’t requires 2FA (#16998) [NEW] Direct message between multiple users (#16761) Bump version to 3.0.7 Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription (#17017) Regression: Remove deprecated Omnichannel setting used to fetch the queue data through subscription (#17017) Bump version to 3.0.6 [Regression] Replace the Omnichannel queue model observe with Stream (#16999) [FIX] Keeps the agent in the room after accepting a new Omnichannel request (#16787) Bump version to 3.0.5 [FIX] Race conditions on/before login (#16989) Bump version to 3.0.4 [IMPROVE] Send files over rest api (#16617) [FIX] Integrations page pagination (#16838) [FIX] TypeError when trying to load avatar of an invalid room. (#16699) Bump version to 3.0.3 [FIX] Language country has been ignored on translation load (#16757) [FIX] Manual Register use correct state for determining registered (#16726) ...
|
@rodrigok can not explain where die mismatch comes from. added unit test to process exactly your test data and template expression - receiving the expected results. I also added the normalizers to is it possible that you ran tests a couple of times, maybe even with different setup or an existing user with the same id? |
|
live test on a running instance also works fine for me (completely fresh meteor instance), using my actual azure ad oauth configuration:
|
|
@benkroeger you need to apply this change: From 22db311f707550e480f1d208740ba6b5097facc7 Mon Sep 17 00:00:00 2001
From: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Date: Thu, 26 Mar 2020 15:25:26 -0300
Subject: [PATCH] Do not process OAuth fields 2 times
---
app/custom-oauth/server/custom_oauth_server.js | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/custom-oauth/server/custom_oauth_server.js b/app/custom-oauth/server/custom_oauth_server.js
index 020da8782..c37e43b62 100644
--- a/app/custom-oauth/server/custom_oauth_server.js
+++ b/app/custom-oauth/server/custom_oauth_server.js
@@ -357,15 +357,15 @@ export class CustomOAuth {
}
if (this.usernameField) {
- user.username = this.getUsername(user.services[this.name]);
+ user.username = user.services[this.name].username;
}
if (this.emailField) {
- user.email = this.getEmail(user.services[this.name]);
+ user.email = user.services[this.name].email;
}
if (this.nameField) {
- user.name = this.getCustomName(user.services[this.name]);
+ user.name = user.services[this.name].name;
}
if (this.mergeRoles) {
--
2.21.1 (Apple Git-122.3)
I've tried to push to your branch but I was blocked. |
|
The current code is processing the fields 2 times |
|
I've rebased my work on #develop regularly (last today with d223fb1). Is this something you just added or should this have been there before? |
|
@benkroeger I didn't add this to our code. It wasn't an issue before because wasn't possible to combine values via interpolation. For example, now the |
|
@rodrigok added your suggested modifications (and rebased again) |
|
@benkroeger thanks man, it was a great contribution. We are now in the feature freeze period during the Release Candidate of version 3.1. So we will merge this in a few days for the development of version 3.2. |
|
@benkroeger Glückwunsch 🥳 |
…nto view-logs * 'develop' of https://github.com/RocketChat/Rocket.Chat: (31 commits) Fixed componentes width (#17322) [IMPROVE] Administration -> Mailer Rewrite to React. (#17191) Regression: Storybook added flowrouter group mock (#17321) [NEW] Feature/custom oauth mail field and interpolation for mapped fields (#15690) [FIX] "Invalid Invite" message when registration is disabled (#17226) [FIX] Red color error outline is not removed after password update (#16536) [FIX] Change wording to start DM from info panel (#8799) New hooks for RouterContext (#17305) [FIX] SAML assertion signature enforcement (#17278) [FIX] LDAP users lose session on refresh (#17302) [NEW] Add MMS support to Voxtelesys (#17217) [FIX] Popover component doesn't have scroll (#17198) [FIX] Omnichannel SMS / WhatsApp integration errors due to missing location data (#17288) [FIX] User search on directory not working correctly (#17299) [FIX] Can not save Unread Tray Icon Alert user preference (#16288) (#16313) [FIX] Variable rendering problem on Import recent history page (#15997) [FIX] Admin panel custom sounds, multiple sound playback fix and added single play/pause button (#16215) [FIX] Discussions created from inside DMs were not working (#17282) [FIX] translation for nl (#16742) [FIX] No maxlength defined for custom user status (#16534) ...
CLOSES #11647
CLOSES #15693
CLOSES #13220
This PR adds the config option to pick
emailvalue from a different identity property (e.g.upn)It came to live when trying to use the O365 Graph user api as
identityPath. That endpoint provides the user's mail address under themailproperty, which would cause theemailfield in the user's identity to be empty.Also, since O365 Graph api adds a property
@odata.contextto the response json and mongodb doesn't allow document paths to contain.characters, this PR removes all properties that contain a.as the very last step innormalizeIdentity(happening last in order to allow intermediate steps to still work with those properties; e.g. lookup@odata....in thegetUsernamemethod).Also, when configuring Azure AD records to contain values like
employeeId, this could become a powerful combination to populate user records in RocketChat (mailas email andemployeeIdas username)UPDATE
73aebfa adds the possibility to use string interpolation in custom field mappings.
this allows to mix and match fragments of existing fields (identity response from provider) into new values (e.g. pick the leading part of email and use as username:
{{/^(.+)@/::email}})Note:
{{interpolation here}}{{email}}through a nested path{{foo.bar}}to a regexp applied to the value from a nested path{{/^(.+)@/::profile.email}}{{/^(.+)@/::email}}@rocket.chat. assumingemailhas the valuefoo@bar.comthe result would befoo@rocket.chat/and separated from the field selector with double colons::