fix name

Author: wxiaoguang

cmd/admin_auth_oauth.go

@@ -88,11 +88,11 @@ func oauthCLIFlags() []cli.Flag {
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
 		&cli.StringFlag{
-			Name:  "attribute-ssh-public-key",
+			Name:  "ssh-public-key-claim-name",
 			Usage: "Claim name that provides SSH public keys",
 		},
 		&cli.StringFlag{
-			Name:  "attribute-full-name",
+			Name:  "full-name-claim-name",
 			Usage: "Claim name that provides user's full name",
 		},
 		&cli.StringFlag{
@@ -185,8 +185,8 @@ func parseOAuth2Config(c *cli.Command) *oauth2.Source {
 		RestrictedGroup:               c.String("restricted-group"),
 		GroupTeamMap:                  c.String("group-team-map"),
 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
-		AttributeSSHPublicKey:         c.String("attribute-ssh-public-key"),
-		AttributeFullName:             c.String("attribute-full-name"),
+		SSHPublicKeyClaimName:         c.String("ssh-public-key-claim-name"),
+		FullNameClaimName:             c.String("full-name-claim-name"),
 	}
 }
 
@@ -278,11 +278,11 @@ func (a *authService) runUpdateOauth(ctx context.Context, c *cli.Command) error
 	if c.IsSet("group-team-map-removal") {
 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
 	}
-	if c.IsSet("attribute-ssh-public-key") {
-		oAuth2Config.AttributeSSHPublicKey = c.String("attribute-ssh-public-key")
+	if c.IsSet("ssh-public-key-claim-name") {
+		oAuth2Config.SSHPublicKeyClaimName = c.String("ssh-public-key-claim-name")
 	}
-	if c.IsSet("attribute-full-name") {
-		oAuth2Config.AttributeFullName = c.String("attribute-full-name")
+	if c.IsSet("full-name-claim-name") {
+		oAuth2Config.FullNameClaimName = c.String("full-name-claim-name")
 	}
 
 	// update custom URL mapping

cmd/admin_auth_oauth_test.go

@@ -88,8 +88,8 @@ func TestAddOauth(t *testing.T) {
 				"--restricted-group", "restricted",
 				"--group-team-map", `{"group1": [1,2]}`,
 				"--group-team-map-removal=true",
-				"--attribute-ssh-public-key", "attr_ssh_pub_key",
-				"--attribute-full-name", "attr_full_name",
+				"--ssh-public-key-claim-name", "attr_ssh_pub_key",
+				"--full-name-claim-name", "attr_full_name",
 			},
 			source: &auth_model.Source{
 				Type:     auth_model.OAuth2,
@@ -115,8 +115,8 @@ func TestAddOauth(t *testing.T) {
 					RestrictedGroup:       "restricted",
 					GroupTeamMap:          `{"group1": [1,2]}`,
 					GroupTeamMapRemoval:   true,
-					AttributeSSHPublicKey: "attr_ssh_pub_key",
-					AttributeFullName:     "attr_full_name",
+					SSHPublicKeyClaimName: "attr_ssh_pub_key",
+					FullNameClaimName:     "attr_full_name",
 				},
 				TwoFactorPolicy: "skip",
 			},
@@ -236,8 +236,8 @@ func TestUpdateOauth(t *testing.T) {
 					RestrictedGroup:       "old_restricted",
 					GroupTeamMap:          `{"old_group1": [1,2]}`,
 					GroupTeamMapRemoval:   true,
-					AttributeSSHPublicKey: "old_ssh_pub_key",
-					AttributeFullName:     "old_full_name",
+					SSHPublicKeyClaimName: "old_ssh_pub_key",
+					FullNameClaimName:     "old_full_name",
 				},
 				TwoFactorPolicy: "",
 			},
@@ -263,8 +263,8 @@ func TestUpdateOauth(t *testing.T) {
 				"--restricted-group", "restricted",
 				"--group-team-map", `{"group1": [1,2]}`,
 				"--group-team-map-removal=false",
-				"--attribute-ssh-public-key", "new_ssh_pub_key",
-				"--attribute-full-name", "new_full_name",
+				"--ssh-public-key-claim-name", "new_ssh_pub_key",
+				"--full-name-claim-name", "new_full_name",
 			},
 			authSource: &auth_model.Source{
 				ID:       1,
@@ -291,8 +291,8 @@ func TestUpdateOauth(t *testing.T) {
 					RestrictedGroup:       "restricted",
 					GroupTeamMap:          `{"group1": [1,2]}`,
 					GroupTeamMapRemoval:   false,
-					AttributeSSHPublicKey: "new_ssh_pub_key",
-					AttributeFullName:     "new_full_name",
+					SSHPublicKeyClaimName: "new_ssh_pub_key",
+					FullNameClaimName:     "new_full_name",
 				},
 				TwoFactorPolicy: "skip",
 			},

options/locale/locale_en-US.ini

@@ -3252,6 +3252,8 @@ auths.oauth2_required_claim_name_helper = Set this name to restrict login from t
 auths.oauth2_required_claim_value = Required Claim Value
 auths.oauth2_required_claim_value_helper = Set this value to restrict login from this source to users with a claim with this name and value
 auths.oauth2_group_claim_name = Claim name providing group names for this source. (Optional)
+auths.oauth2_full_name_claim_name = Full Name Claim Name. (Optional, if set, the user's full name will always be synchronized with this claim)
+auths.oauth2_ssh_public_key_claim_name = SSH Public Key Claim Name
 auths.oauth2_admin_group = Group Claim value for administrator users. (Optional - requires claim name above)
 auths.oauth2_restricted_group = Group Claim value for restricted users. (Optional - requires claim name above)
 auths.oauth2_map_group_to_team = Map claimed groups to Organization teams. (Optional - requires claim name above)

routers/web/admin/auths.go

@@ -200,8 +200,8 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
 		GroupTeamMap:                  form.Oauth2GroupTeamMap,
 		GroupTeamMapRemoval:           form.Oauth2GroupTeamMapRemoval,
 
-		AttributeSSHPublicKey: form.Oauth2AttributeSSHPublicKey,
-		AttributeFullName:     form.Oauth2AttributeFullName,
+		SSHPublicKeyClaimName: form.Oauth2SSHPublicKeyClaimName,
+		FullNameClaimName:     form.Oauth2FullNameClaimName,
 	}
 }
 

routers/web/auth/oauth_signin_sync.go

@@ -28,14 +28,14 @@ func oauth2SignInSync(ctx *context.Context, authSource *auth.Source, u *user_mod
 	}
 
 	// sync full name
-	fullNameKey := util.IfZero(oauth2Source.AttributeFullName, "name")
+	fullNameKey := util.IfZero(oauth2Source.FullNameClaimName, "name")
 	fullName, _ := gothUser.RawData[fullNameKey].(string)
 	fullName = util.IfZero(fullName, gothUser.Name)
 
 	// need to update if the user has no full name set
 	shouldUpdateFullName := u.FullName == ""
 	// force to update if the attribute is set
-	shouldUpdateFullName = shouldUpdateFullName || oauth2Source.AttributeFullName != ""
+	shouldUpdateFullName = shouldUpdateFullName || oauth2Source.FullNameClaimName != ""
 	// only update if the full name is different
 	shouldUpdateFullName = shouldUpdateFullName && u.FullName != fullName
 	if shouldUpdateFullName {
@@ -52,7 +52,7 @@ func oauth2SignInSync(ctx *context.Context, authSource *auth.Source, u *user_mod
 }
 
 func oauth2SyncGetSSHKeys(source *oauth2.Source, gothUser *goth.User) ([]string, error) {
-	value, exists := gothUser.RawData[source.AttributeSSHPublicKey]
+	value, exists := gothUser.RawData[source.SSHPublicKeyClaimName]
 	if !exists {
 		return []string{}, nil
 	}
@@ -74,7 +74,7 @@ func oauth2SyncGetSSHKeys(source *oauth2.Source, gothUser *goth.User) ([]string,
 
 func oauth2UpdateSSHPubIfNeed(ctx *context.Context, authSource *auth.Source, gothUser *goth.User, user *user_model.User) error {
 	oauth2Source, _ := authSource.Cfg.(*oauth2.Source)
-	if oauth2Source == nil || oauth2Source.AttributeSSHPublicKey == "" {
+	if oauth2Source == nil || oauth2Source.SSHPublicKeyClaimName == "" {
 		return nil
 	}
 	sshKeys, err := oauth2SyncGetSSHKeys(oauth2Source, gothUser)

services/auth/source/oauth2/source.go

@@ -28,8 +28,8 @@ type Source struct {
 	GroupTeamMapRemoval bool
 	RestrictedGroup     string
 
-	AttributeSSHPublicKey string
-	AttributeFullName     string
+	SSHPublicKeyClaimName string
+	FullNameClaimName     string
 }
 
 // FromDB fills up an OAuth2Config from serialized format.

services/forms/auth_form.go

@@ -85,8 +85,8 @@ type AuthenticationForm struct {
 	Oauth2RestrictedGroup         string
 	Oauth2GroupTeamMap            string `binding:"ValidGroupTeamMap"`
 	Oauth2GroupTeamMapRemoval     bool
-	Oauth2AttributeSSHPublicKey   string
-	Oauth2AttributeFullName       string
+	Oauth2SSHPublicKeyClaimName   string
+	Oauth2FullNameClaimName       string
 
 	// SSPI
 	SSPIAutoCreateUsers      bool

templates/admin/auth/edit.tmpl

@@ -318,12 +318,12 @@
 						<input id="oauth2_scopes" name="oauth2_scopes" value="{{if $cfg.Scopes}}{{StringUtils.Join $cfg.Scopes ","}}{{end}}">
 					</div>
 					<div class="field">
-						<label>{{ctx.Locale.Tr "admin.auths.attribute_full_name"}}</label>
-						<input name="oauth2_attribute_full_name" value="{{$cfg.AttributeFullName}}" placeholder="name">
+						<label>{{ctx.Locale.Tr "admin.auths.oauth2_full_name_claim_name"}}</label>
+						<input name="oauth2_full_name_claim_name" value="{{$cfg.FullNameClaimName}}" placeholder="name">
 					</div>
-					<div class="field oauth2_attribute_ssh_public_key">
-						<label>{{ctx.Locale.Tr "admin.auths.attribute_ssh_public_key"}}</label>
-						<input name="oauth2_attribute_ssh_public_key" value="{{$cfg.AttributeSSHPublicKey}}" placeholder="sshpubkey">
+					<div class="field oauth2_ssh_public_key_claim_name">
+						<label>{{ctx.Locale.Tr "admin.auths.oauth2_ssh_public_key_claim_name"}}</label>
+						<input name="oauth2_ssh_public_key_claim_name" value="{{$cfg.SSHPublicKeyClaimName}}" placeholder="sshpubkey">
 					</div>
 					<div class="field">
 						<label for="oauth2_required_claim_name">{{ctx.Locale.Tr "admin.auths.oauth2_required_claim_name"}}</label>

templates/admin/auth/source/oauth.tmpl

@@ -81,12 +81,12 @@
 	</div>
 
 	<div class="field">
-		<label>{{ctx.Locale.Tr "admin.auths.attribute_full_name"}}</label>
-		<input name="oauth2_attribute_full_name" value="{{.attribute_fullname}}" placeholder="name">
+		<label>{{ctx.Locale.Tr "admin.auths.oauth2_full_name_claim_name"}}</label>
+		<input name="oauth2_full_name_claim_name" value="{{.oauth2_full_name_claim_name}}" placeholder="name">
 	</div>
-	<div class="field oauth2_attribute_ssh_public_key">
-		<label>{{ctx.Locale.Tr "admin.auths.attribute_ssh_public_key"}}</label>
-		<input name="oauth2_attribute_ssh_public_key" value="{{.attribute_ssh_public_key}}" placeholder="sshpubkey">
+	<div class="field oauth2_ssh_public_key_claim_name">
+		<label>{{ctx.Locale.Tr "admin.auths.oauth2_ssh_public_key_claim_name"}}</label>
+		<input name="oauth2_ssh_public_key_claim_name" value="{{.oauth2_ssh_public_key_claim_name}}" placeholder="sshpubkey">
 	</div>
 	<div class="field">
 		<label for="oauth2_required_claim_name">{{ctx.Locale.Tr "admin.auths.oauth2_required_claim_name"}}</label>

tests/integration/oauth_test.go

@@ -972,8 +972,8 @@ func TestSignInOauthCallbackSyncSSHKeys(t *testing.T) {
 	oauth2Source := oauth2.Source{
 		Provider:                      "openidConnect",
 		ClientID:                      "test-client-id",
-		AttributeSSHPublicKey:         "sshpubkey",
-		AttributeFullName:             "name",
+		SSHPublicKeyClaimName:         "sshpubkey",
+		FullNameClaimName:             "name",
 		OpenIDConnectAutoDiscoveryURL: mockServer.URL + "/.well-known/openid-configuration",
 	}
 	addOAuth2Source(t, "test-oidc-source", oauth2Source)