feat: Add object-path support to OIDC attribute mapping

Closes #1359
2025-12-23 09:15:09 +03:00 · 2025-12-04 17:38:39 +01:00
parent b94759d399
commit f030b78f82
3 changed files with 6 additions and 13 deletions
--- a/server/.buildignore
+++ b/server/.buildignore
@@ -13,12 +13,12 @@ version-template.ejs
 .gitignore
 .npmrc

-.tmp
-.venv
 dist
 logs
 node_modules
 test
+.tmp
+.venv

 views/*

--- a/server/api/helpers/users/get-or-create-one-with-oidc.js
+++ b/server/api/helpers/users/get-or-create-one-with-oidc.js
@@ -84,8 +84,8 @@ module.exports = {
      }
    }

-    const email = claims[sails.config.custom.oidcEmailAttribute];
-    const name = claims[sails.config.custom.oidcNameAttribute];
+    const email = _.get(claims, sails.config.custom.oidcEmailAttribute);
+    const name = _.get(claims, sails.config.custom.oidcNameAttribute);

    if (!email || !name) {
      throw 'missingValues';
@@ -93,7 +93,7 @@ module.exports = {

    let role = User.Roles.BOARD_USER;
    if (!sails.config.custom.oidcIgnoreRoles) {
-      const claimsRoles = claims[sails.config.custom.oidcRolesAttribute];
+      const claimsRoles = _.get(claims, sails.config.custom.oidcRolesAttribute);

      if (Array.isArray(claimsRoles)) {
        // Use a Set here to avoid quadratic time complexity
@@ -123,7 +123,7 @@ module.exports = {
      isSsoUser: true,
    };
    if (!sails.config.custom.oidcIgnoreUsername) {
-      values.username = claims[sails.config.custom.oidcUsernameAttribute];
+      values.username = _.get(claims, sails.config.custom.oidcUsernameAttribute);
    }

    // This whole block technically needs to be executed in a transaction
--- a/server/package-lock.json
+++ b/server/package-lock.json
@@ -432,7 +432,6 @@
      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.726.0.tgz",
      "integrity": "sha512-5JzTX9jwev7+y2Jkzjz0pd1wobB5JQfPOQF3N2DrJ5Pao0/k6uRYwE4NqB0p0HlGrMTDm7xNq7OSPPIPG575Jw==",
      "license": "Apache-2.0",
-      "peer": true,
      "dependencies": {
        "@aws-crypto/sha256-browser": "5.2.0",
        "@aws-crypto/sha256-js": "5.2.0",
@@ -486,7 +485,6 @@
      "resolved": "https://registry.npmjs.org/@aws-sdk/client-sts/-/client-sts-3.726.1.tgz",
      "integrity": "sha512-qh9Q9Vu1hrM/wMBOBIaskwnE4GTFaZu26Q6WHwyWNfj7J8a40vBxpW16c2vYXHLBtwRKM1be8uRLkmDwghpiNw==",
      "license": "Apache-2.0",
-      "peer": true,
      "dependencies": {
        "@aws-crypto/sha256-browser": "5.2.0",
        "@aws-crypto/sha256-js": "5.2.0",
@@ -2761,7 +2759,6 @@
      "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
      "dev": true,
      "license": "MIT",
-      "peer": true,
      "bin": {
        "acorn": "bin/acorn"
      },
@@ -4527,7 +4524,6 @@
      "deprecated": "This version is no longer supported. Please see https://eslint.org/version-support for other options.",
      "dev": true,
      "license": "MIT",
-      "peer": true,
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.2.0",
        "@eslint-community/regexpp": "^4.6.1",
@@ -4614,7 +4610,6 @@
      "integrity": "sha512-iI1f+D2ViGn+uvv5HuHVUamg8ll4tN+JRHGc6IJi4TP9Kl976C57fzPXgseXNs8v0iA8aSJpHsTWjDb9QJamGQ==",
      "dev": true,
      "license": "MIT",
-      "peer": true,
      "bin": {
        "eslint-config-prettier": "bin/cli.js"
      },
@@ -4678,7 +4673,6 @@
      "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
      "dev": true,
      "license": "MIT",
-      "peer": true,
      "dependencies": {
        "@rtsao/scc": "^1.1.0",
        "array-includes": "^3.1.9",
@@ -8492,7 +8486,6 @@
      "integrity": "sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==",
      "dev": true,
      "license": "MIT",
-      "peer": true,
      "bin": {
        "prettier": "bin/prettier.cjs"
      },