feat: add default user mapping in custom oauth2 provider (#2819 )

feat: fix user cannot logout issue about bug in GetSessionToken()
2025-07-08 09:01:00 +08:00 · 2024-03-18 23:01:17 +08:00 · 2024-03-18 02:11:39 +08:00
6 changed files with 45 additions and 27 deletions
--- a/controllers/account.go
+++ b/controllers/account.go
@ -435,16 +435,16 @@ func (c *ApiController) GetAccount() {
 		return
 	}

-	token := c.GetSessionToken()
-	if token == nil {
-		token, err = object.GetTokenForExtension(user, c.Ctx.Request.Host)
+	accessToken := c.GetSessionToken()
+	if accessToken == "" {
+		accessToken, err = object.GetAccessTokenByUser(user, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		c.SetSessionToken(token)
+		c.SetSessionToken(accessToken)
 	}
-	u.AccessToken = token.AccessToken
+	u.AccessToken = accessToken

 	resp := Response{
 		Status: "ok",
--- a/controllers/base.go
+++ b/controllers/base.go
@ -122,15 +122,13 @@ func (c *ApiController) GetSessionUsername() string {
 	return user.(string)
 }

-func (c *ApiController) GetSessionToken() *object.Token {
-	tokenValue := c.GetSession("token")
-	var token *object.Token
-	var ok bool
-	if token, ok = tokenValue.(*object.Token); !ok {
-		token = nil
+func (c *ApiController) GetSessionToken() string {
+	accessToken := c.GetSession("accessToken")
+	if accessToken == nil {
+		return ""
 	}

-	return token
+	return accessToken.(string)
 }

 func (c *ApiController) GetSessionApplication() *object.Application {
@ -153,7 +151,7 @@ func (c *ApiController) ClearUserSession() {
 }

 func (c *ApiController) ClearTokenSession() {
-	c.SetSessionToken(nil)
+	c.SetSessionToken("")
 }

 func (c *ApiController) GetSessionOidc() (string, string) {
@ -182,8 +180,8 @@ func (c *ApiController) SetSessionUsername(user string) {
 	c.SetSession("username", user)
 }

-func (c *ApiController) SetSessionToken(token *object.Token) {
-	c.SetSession("token", token)
+func (c *ApiController) SetSessionToken(accessToken string) {
+	c.SetSession("accessToken", accessToken)
 }

 // GetSessionData ...
--- a/idp/custom.go
+++ b/idp/custom.go
@ -98,11 +98,19 @@ func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 		return nil, err
 	}

+	requiredFields := []string{"id", "username", "displayName"}
+	for _, field := range requiredFields {
+		_, ok := idp.UserMapping[field]
+		if !ok {
+			return nil, fmt.Errorf("cannot find %s in userMapping, please check your configuration in custom provider", field)
+		}
+	}
+
 	// map user info
 	for k, v := range idp.UserMapping {
 		_, ok := dataMap[v]
 		if !ok {
-			return nil, fmt.Errorf("cannot find %s in user from castom provider", v)
+			return nil, fmt.Errorf("cannot find %s in user from custom provider", v)
 		}
 		dataMap[k] = dataMap[v]
 	}
--- a/object/init.go
+++ b/object/init.go
@ -45,7 +45,6 @@ func InitDb() {
 	}

 	initWebAuthn()
-	initToken()
 }

 func getBuiltInAccountItems() []*AccountItem {
@ -310,10 +309,6 @@ func initWebAuthn() {
 	gob.Register(webauthn.SessionData{})
 }

-func initToken() {
-	gob.Register(&Token{})
-}
-
 func initBuiltInUserModel() {
 	model, err := GetModel("built-in/user-model-built-in")
 	if err != nil {
--- a/object/token_oauth.go
+++ b/object/token_oauth.go
@ -727,18 +727,19 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 	return token, nil, nil
 }

-func GetTokenForExtension(user *User, host string) (*Token, error) {
+func GetAccessTokenByUser(user *User, host string) (string, error) {
 	application, err := GetApplicationByUser(user)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
 	if application == nil {
-		return nil, fmt.Errorf("the application for user %s is not found", user.Id)
+		return "", fmt.Errorf("the application for user %s is not found", user.Id)
 	}

 	token, err := GetTokenByUser(application, user, "profile", "", host)
 	if err != nil {
-		return nil, err
+		return "", err
 	}
-	return token, nil
+
+	return token.AccessToken, nil
 }
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -40,6 +40,14 @@ require("codemirror/mode/css/css");
 const {Option} = Select;
 const {TextArea} = Input;

+const defaultUserMapping = {
+  id: "id",
+  username: "username",
+  displayName: "displayName",
+  email: "email",
+  avatarUrl: "avatarUrl",
+};
+
 class ProviderEditPage extends React.Component {
  constructor(props) {
    super(props);
@ -70,7 +78,7 @@ class ProviderEditPage extends React.Component {

        if (res.status === "ok") {
          const provider = res.data;
-          provider.userMapping = provider.userMapping || {};
+          provider.userMapping = provider.userMapping || defaultUserMapping;
          this.setState({
            provider: provider,
          });
@ -141,8 +149,16 @@ class ProviderEditPage extends React.Component {
  }

  updateUserMappingField(key, value) {
+    const requiredKeys = ["id", "username", "displayName"];
    const provider = this.state.provider;
+
+    if (value === "" && requiredKeys.includes(key)) {
+      Setting.showMessage("error", i18next.t("provider:This field is required"));
+      return;
+    }
+
    provider.userMapping[key] = value;
+
    this.setState({
      provider: provider,
    });
Author	SHA1	Message	Date
Yaodong Yu	44ae76503e	feat: add default user mapping in custom oauth2 provider (#2819 )	2024-03-18 23:01:17 +08:00
Yang Luo	ae1634a4d5	feat: fix user cannot logout issue about bug in GetSessionToken()	2024-03-18 02:11:39 +08:00