Compare commits

..

3 Commits

3 changed files with 8 additions and 18 deletions

View File

@ -1,5 +1,8 @@
build: clean
misc/script/build
build: clean generate
CGO_ENABLED=0 misc/script/build
generate:
go generate ./...
clean:
rm -rf bin

View File

@ -171,7 +171,7 @@ func newLoginEndHandler(ra oa2LoginReqAcceptor, auther authenticator, tmplRender
data := LoginTmplData{
CSRFToken: nosurf.Token(r),
Challenge: challenge,
LoginURL: r.URL.String(),
LoginURL: strings.TrimPrefix(r.URL.String(), "/"),
}
username, password := r.Form.Get("username"), r.Form.Get("password")

View File

@ -193,7 +193,7 @@ func (cli *Client) FindOIDCClaims(ctx context.Context, username string) (map[str
return nil, err
}
roles := make(map[string]interface{})
roles := make([]map[string]interface{}, 0)
for _, entry := range entries {
roleDN, ok := entry["dn"].(string)
if !ok || roleDN == "" {
@ -211,21 +211,8 @@ func (cli *Client) FindOIDCClaims(ctx context.Context, username string) (map[str
if n < k || !strings.EqualFold(roleDN[n-k:], cli.RoleBaseDN) {
panic("You should never see that")
}
// The DN without the role's base DN must contain a CN and OU
// where the CN is for uniqueness only, and the OU is an application id.
path := strings.Split(roleDN[:n-k-1], ",")
if len(path) != 2 {
log.Infow("A role's DN without the role's base DN must contain two nodes only",
"roleBaseDN", cli.RoleBaseDN, "roleDN", roleDN)
continue
}
appID := path[1][len("OU="):]
var appRoles []interface{}
if v := roles[appID]; v != nil {
appRoles = v.([]interface{})
}
roles[appID] = append(appRoles, entry[cli.RoleAttr])
roles = append(roles, entry)
}
claims[cli.RoleClaim] = roles