diff --git a/CHANGES.md b/CHANGES.md index 7ed20e4f2..142ce7efb 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -19,6 +19,9 @@ - New focus mode in workspace [Taiga #2748](https://tree.taiga.io/project/penpot/us/2748) - Changed text shapes to be displayed as natives SVG text elements [Taiga #2759](https://tree.taiga.io/project/penpot/us/2759) - Texts now can have strokes, multiple fills and can be used as masks +- Add the ability to specify the attr for retrieve the email on OIDC integration [#1460](https://github.com/penpot/penpot/issues/1460) +- Allow registration with invitation token when registration is disabled +- Add the ability to disable standard, password login [Taiga #2999](https://tree.taiga.io/project/penpot/us/2999) ### :bug: Bugs fixed diff --git a/backend/src/app/config.clj b/backend/src/app/config.clj index db9f9ec39..5d5f7a92b 100644 --- a/backend/src/app/config.clj +++ b/backend/src/app/config.clj @@ -90,7 +90,7 @@ (s/def ::flags ::us/set-of-keywords) -;; DEPRECATED PROPERTIES: should be removed in 1.10 +;; DEPRECATED PROPERTIES (s/def ::registration-enabled ::us/boolean) (s/def ::smtp-enabled ::us/boolean) (s/def ::telemetry-enabled ::us/boolean) @@ -138,6 +138,8 @@ (s/def ::oidc-scopes ::us/set-of-str) (s/def ::oidc-roles ::us/set-of-str) (s/def ::oidc-roles-attr ::us/keyword) +(s/def ::oidc-email-attr ::us/keyword) +(s/def ::oidc-name-attr ::us/keyword) (s/def ::host ::us/string) (s/def ::http-server-port ::us/integer) (s/def ::http-server-host ::us/string) @@ -238,6 +240,8 @@ ::oidc-user-uri ::oidc-scopes ::oidc-roles-attr + ::oidc-email-attr + ::oidc-name-attr ::oidc-roles ::host ::http-server-host diff --git a/backend/src/app/http/oauth.clj b/backend/src/app/http/oauth.clj index 096d93c71..4e2748529 100644 --- a/backend/src/app/http/oauth.clj +++ b/backend/src/app/http/oauth.clj 
@@ -75,34 +75,51 @@ (defn- retrieve-user-info [{:keys [provider http-client] :as cfg} tdata] - (p/then - (http-client {:uri (:user-uri provider) - :headers {"Authorization" (str (:type tdata) " " (:token tdata))} - :timeout 6000 - :method :get}) - (fn [{:keys [status body] :as res}] - (if (= 200 status) - (let [info (json/read body) - info {:backend (:name provider) - :email (get info :email) - :fullname (get info :name) - :props (->> (dissoc info :name :email) - (qualify-props provider))}] + (letfn [(retrieve [] + (http-client {:uri (:user-uri provider) + :headers {"Authorization" (str (:type tdata) " " (:token tdata))} + :timeout 6000 + :method :get})) - (when-not (s/valid? ::info info) - (l/warn :hint "received incomplete profile info object (please set correct scopes)" - :info (pr-str info)) - (ex/raise :type :internal - :code :incomplete-user-info - :hint "inconmplete user info" - :info info)) - info) + (validate-response [{:keys [status body] :as res}] + (when-not (= 200 status) + (ex/raise :type :internal + :code :unable-to-retrieve-user-info + :hint "unable to retrieve user info" + :http-status status + :http-body body)) + res) - (ex/raise :type :internal - :code :unable-to-retrieve-user-info - :hint "unable to retrieve user info" - :http-status status - :http-body body))))) + (get-email [info] + (let [attr-kw (cf/get :oidc-email-attr :email)] + (get info attr-kw))) + + (get-name [info] + (let [attr-kw (cf/get :oidc-name-attr :name)] + (get info attr-kw))) + + (process-response [{:keys [body]}] + (let [info (json/read body)] + {:backend (:name provider) + :email (get-email info) + :fullname (get-name info) + :props (->> (dissoc info :name :email) + (qualify-props provider))})) + + (validate-info [info] + (when-not (s/valid? 
::info info) + (l/warn :hint "received incomplete profile info object (please set correct scopes)" + :info (pr-str info)) + (ex/raise :type :internal + :code :incomplete-user-info + :hint "inconmplete user info" + :info info)) + info)] + + (-> (retrieve) + (p/then' validate-response) + (p/then' process-response) + (p/then' validate-info)))) (s/def ::backend ::us/not-empty-string) (s/def ::email ::us/not-empty-string) diff --git a/common/src/app/common/spec.cljc b/common/src/app/common/spec.cljc index 083011b7b..03f3ddc37 100644 --- a/common/src/app/common/spec.cljc +++ b/common/src/app/common/spec.cljc @@ -140,22 +140,26 @@ ;; --- SPEC: set of Keywords -(s/def ::set-of-keywords - (s/conformer - (fn [s] - (let [xform (comp - (map (fn [s] - (cond - (string? s) (keyword s) - (keyword? s) s - :else nil))) - (filter identity))] - (cond - (set? s) (into #{} xform s) - (string? s) (into #{} xform (str/words s)) - :else ::s/invalid))) - (fn [s] - (str/join " " (map name s))))) +(letfn [(conform-fn [dest s] + (let [xform (keep (fn [s] + (cond + (string? s) (keyword s) + (keyword? s) s + :else nil)))] + (cond + (set? s) (into dest xform s) + (string? s) (into dest xform (str/words s)) + :else ::s/invalid)))] + + (s/def ::set-of-keywords + (s/conformer + (fn [s] (conform-fn #{} s)) + (fn [s] (str/join " " (map name s))))) + + (s/def ::vec-of-keywords + (s/conformer + (fn [s] (conform-fn [] s)) + (fn [s] (str/join " " (map name s)))))) ;; --- SPEC: email
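Review bot: In `process-response` the value read through the configurable `:oidc-email-attr` becomes the profile `:email`, and `validate-info` only checks the spec, so whichever claim the operator names is accepted as the user's identity with no sign that the IdP verified it. If accounts are matched or created by this email downstream (not visible in this hunk), pointing the option at a user-editable or unverified claim could let one user be signed in as another. A comment on `get-email` such as `;; must name a claim the IdP guarantees is verified and not user-editable` would document the constraint, and a check of the standard `email_verified` claim where the provider sends it would enforce it. Separately, `:props` still uses `(dissoc info :name :email)`, so with custom attributes the configured claims are copied into props; `(dissoc info (cf/get :oidc-name-attr :name) (cf/get :oidc-email-attr :email))` would keep the two in step.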
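Review bot: `conform-fn` accepts only a set or a string, so the new `::vec-of-keywords` returns `::s/invalid` for a value that is already a vector, and a set input is poured into the vector in unspecified order. Widening the first branch to `(or (set? s) (sequential? s)) (into dest xform s)` would let both specs take any collection, which stays backward-compatible for `::set-of-keywords`. No user of `::vec-of-keywords` is visible in this diff, so the intended input shape should be confirmed before anything relies on element order.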