feat: add username and loginHint to redirect URL in HandleSamlRedirect of SAML IdP (#4162 )

feat: add the username parameter in SAML or OAuth2 (#4161 )
feat: support "permissionNames" field in JWT-Custom token (#4154 )
2025-09-10 12:50:29 +08:00 · 2025-09-07 14:18:35 +08:00 · 2025-09-06 22:03:18 +08:00 · 2025-09-06 00:05:47 +08:00 · 2025-09-04 08:10:42 +08:00
6 changed files with 29 additions and 18 deletions
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -59,8 +59,10 @@ func (c *ApiController) HandleSamlRedirect() {

 	relayState := c.Input().Get("RelayState")
 	samlRequest := c.Input().Get("SAMLRequest")
+	username := c.Input().Get("username")
+	loginHint := c.Input().Get("login_hint")

-	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
+	targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host, username, loginHint)

 	c.Redirect(targetURL, http.StatusSeeOther)
 }
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -26,6 +26,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net/url"
 	"strings"
 	"time"

@@ -547,7 +548,14 @@ func NewSamlResponse11(application *Application, user *User, requestID string, h
 	return samlResponse, nil
 }

-func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string) string {
+func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string, username string, loginHint string) string {
 	originF, _ := getOriginFromHost(host)
-	return fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
+	baseURL := fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
+	if username != "" {
+		baseURL += fmt.Sprintf("&username=%s", url.QueryEscape(username))
+	}
+	if loginHint != "" {
+		baseURL += fmt.Sprintf("&login_hint=%s", url.QueryEscape(loginHint))
+	}
+	return baseURL
 }
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -370,6 +370,12 @@ func getClaimsCustom(claims Claims, tokenField []string) jwt.MapClaims {
 				res[fieldName] = finalField.Interface()
 			}

+		} else if field == "permissionNames" {
+			permissionNames := []string{}
+			for _, val := range claims.User.Permissions {
+				permissionNames = append(permissionNames, val.Name)
+			}
+			res[util.SnakeToCamel(util.CamelToSnakeCase(field))] = permissionNames
 		} else { // Use selected user field as claims.
 			userField := userValue.FieldByName(field)
 			if userField.IsValid() {
--- a/util/log.go
+++ b/util/log.go
@@ -16,6 +16,7 @@ package util

 import (
 	"fmt"
+	"net"
 	"net/http"
 	"strings"

@@ -28,20 +29,12 @@ func getIpInfo(clientIp string) string {
 		return ""
 	}

-	ips := strings.Split(clientIp, ",")
-	res := strings.TrimSpace(ips[0])
-	//res := ""
-	//for i := range ips {
-	//	ip := strings.TrimSpace(ips[i])
-	//	ipstr := fmt.Sprintf("%s: %s", ip, "")
-	//	if i != len(ips)-1 {
-	//		res += ipstr + " -> "
-	//	} else {
-	//		res += ipstr
-	//	}
-	//}
+	first := strings.TrimSpace(strings.Split(clientIp, ",")[0])
+	if host, _, err := net.SplitHostPort(first); err == nil {
+		return strings.Trim(host, "[]")
+	}

-	return res
+	return strings.Trim(first, "[]")
 }

 func GetClientIpFromRequest(req *http.Request) string {
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -463,7 +463,7 @@ class ApplicationEditPage extends React.Component {
            <Select virtual={false} disabled={this.state.application.tokenFormat !== "JWT-Custom"} mode="tags" showSearch style={{width: "100%"}} value={this.state.application.tokenFields} onChange={(value => {this.updateApplicationField("tokenFields", value);})}>
              <Option key={"provider"} value={"provider"}>{"Provider"}</Option>)
              {
-                Setting.getUserCommonFields().map((item, index) => <Option key={index} value={item}>{item}</Option>)
+                [...Setting.getUserCommonFields(), "permissionNames"].map((item, index) => <Option key={index} value={item}>{item}</Option>)
              }
            </Select>
          </Col>
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -47,6 +47,7 @@ class LoginPage extends React.Component {
  constructor(props) {
    super(props);
    this.captchaRef = React.createRef();
+    const urlParams = new URLSearchParams(this.props.location?.search);
    this.state = {
      classes: props,
      type: props.type,
@@ -70,6 +71,7 @@ class LoginPage extends React.Component {
      loginLoading: false,
      userCode: props.userCode ?? (props.match?.params?.userCode ?? null),
      userCodeStatus: "",
+      prefilledUsername: urlParams.get("username") || urlParams.get("login_hint"),
    };

    if (this.state.type === "cas" && props.match?.params.casApplicationName !== undefined) {
@@ -1011,7 +1013,7 @@ class LoginPage extends React.Component {
            organization: application.organization,
            application: application.name,
            autoSignin: !application?.signinItems.map(signinItem => signinItem.name === "Forgot password?" && signinItem.rule === "Auto sign in - False")?.includes(true),
-            username: Conf.ShowGithubCorner ? "admin" : "",
+            username: this.state.prefilledUsername || (Conf.ShowGithubCorner ? "admin" : ""),
            password: Conf.ShowGithubCorner ? "123" : "",
          }}
          onFinish={(values) => {
Author	SHA1	Message	Date
Dev Hjz	bf67be2af6	feat: add username and loginHint to redirect URL in HandleSamlRedirect of SAML IdP (#4162 )	2025-09-07 14:18:35 +08:00
DacongDA	bc94735a8d	feat: add the username parameter in SAML or OAuth2 (#4161 )	2025-09-06 22:03:18 +08:00
DacongDA	89c6ef5aae	feat: support "permissionNames" field in JWT-Custom token (#4154 )	2025-09-06 00:05:47 +08:00
anhuv	21da9f5ff2	feat: remove port from client IP in getIpInfo() (#4145 )	2025-09-04 08:10:42 +08:00