🎉 Add the ability to specify email attr on oidc integration

CHANGES.md

@@ -19,6 +19,9 @@
 - New focus mode in workspace [Taiga #2748](https://tree.taiga.io/project/penpot/us/2748)
 - Changed text shapes to be displayed as natives SVG text elements [Taiga #2759](https://tree.taiga.io/project/penpot/us/2759)
 - Texts now can have strokes, multiple fills and can be used as masks
+- Add the ability to specify the attr for retrieve the email on OIDC integration [#1460](https://github.com/penpot/penpot/issues/1460)
+- Allow registration with invitation token when registration is disabled
+- Add the ability to disable standard, password login [Taiga #2999](https://tree.taiga.io/project/penpot/us/2999)
 
 ### :bug: Bugs fixed
 

backend/src/app/config.clj

@@ -90,7 +90,7 @@
 
 (s/def ::flags ::us/set-of-keywords)
 
-;; DEPRECATED PROPERTIES: should be removed in 1.10
+;; DEPRECATED PROPERTIES
 (s/def ::registration-enabled ::us/boolean)
 (s/def ::smtp-enabled ::us/boolean)
 (s/def ::telemetry-enabled ::us/boolean)
@@ -138,6 +138,8 @@
 (s/def ::oidc-scopes ::us/set-of-str)
 (s/def ::oidc-roles ::us/set-of-str)
 (s/def ::oidc-roles-attr ::us/keyword)
+(s/def ::oidc-email-attr ::us/keyword)
+(s/def ::oidc-name-attr ::us/keyword)
 (s/def ::host ::us/string)
 (s/def ::http-server-port ::us/integer)
 (s/def ::http-server-host ::us/string)
@@ -238,6 +240,8 @@
                    ::oidc-user-uri
                    ::oidc-scopes
                    ::oidc-roles-attr
+                   ::oidc-email-attr
+                   ::oidc-name-attr
                    ::oidc-roles
                    ::host
                    ::http-server-host

backend/src/app/http/oauth.clj

@@ -75,34 +75,51 @@
 
 (defn- retrieve-user-info
   [{:keys [provider http-client] :as cfg} tdata]
-  (p/then
+  (letfn [(retrieve []
-   (http-client {:uri (:user-uri provider)
+            (http-client {:uri (:user-uri provider)
-                 :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
+                          :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
-                 :timeout 6000
+                          :timeout 6000
-                 :method :get})
+                          :method :get}))
-   (fn [{:keys [status body] :as res}]
-     (if (= 200 status)
-       (let [info (json/read body)
-             info {:backend (:name provider)
-                   :email (get info :email)
-                   :fullname (get info :name)
-                   :props (->> (dissoc info :name :email)
-                               (qualify-props provider))}]
 
-         (when-not (s/valid? ::info info)
+          (validate-response [{:keys [status body] :as res}]
-           (l/warn :hint "received incomplete profile info object (please set correct scopes)"
+            (when-not (= 200 status)
-                   :info (pr-str info))
+              (ex/raise :type :internal
-           (ex/raise :type :internal
+                        :code :unable-to-retrieve-user-info
-                     :code :incomplete-user-info
+                        :hint "unable to retrieve user info"
-                     :hint "inconmplete user info"
+                        :http-status status
-                     :info info))
+                        :http-body body))
-         info)
+            res)
 
-       (ex/raise :type :internal
+          (get-email [info]
-                 :code :unable-to-retrieve-user-info
+            (let [attr-kw (cf/get :oidc-email-attr :email)]
-                 :hint "unable to retrieve user info"
+              (get info attr-kw)))
-                 :http-status status
+
-                 :http-body body)))))
+          (get-name [info]
+            (let [attr-kw (cf/get :oidc-name-attr :name)]
+              (get info attr-kw)))
+
+          (process-response [{:keys [body]}]
+            (let [info (json/read body)]
+              {:backend  (:name provider)
+               :email    (get-email info)
+               :fullname (get-name info)
+               :props (->> (dissoc info :name :email)
+                           (qualify-props provider))}))
+
+          (validate-info [info]
+            (when-not (s/valid? ::info info)
+              (l/warn :hint "received incomplete profile info object (please set correct scopes)"
+                      :info (pr-str info))
+              (ex/raise :type :internal
+                        :code :incomplete-user-info
+                        :hint "inconmplete user info"
+                        :info info))
+            info)]
+
+    (-> (retrieve)
+        (p/then' validate-response)
+        (p/then' process-response)
+        (p/then' validate-info))))
 
 (s/def ::backend ::us/not-empty-string)
 (s/def ::email ::us/not-empty-string)

common/src/app/common/spec.cljc

@@ -140,22 +140,26 @@
 
 ;; --- SPEC: set of Keywords
 
-(s/def ::set-of-keywords
+(letfn [(conform-fn [dest s]
-  (s/conformer
+          (let [xform (keep (fn [s]
-   (fn [s]
+                              (cond
-     (let [xform (comp
+                                (string? s) (keyword s)
-                  (map (fn [s]
+                                (keyword? s) s
-                         (cond
+                                :else nil)))]
-                           (string? s) (keyword s)
+            (cond
-                           (keyword? s) s
+              (set? s)    (into dest xform s)
-                           :else nil)))
+              (string? s) (into dest xform (str/words s))
-                  (filter identity))]
+              :else       ::s/invalid)))]
-       (cond
+
-         (set? s)    (into #{} xform s)
+  (s/def ::set-of-keywords
-         (string? s) (into #{} xform (str/words s))
+    (s/conformer
-         :else       ::s/invalid)))
+     (fn [s] (conform-fn #{} s))
-   (fn [s]
+     (fn [s] (str/join " " (map name s)))))
-     (str/join " " (map name s)))))
+
+  (s/def ::vec-of-keywords
+    (s/conformer
+     (fn [s] (conform-fn [] s))
+     (fn [s] (str/join " " (map name s))))))
 
 ;; --- SPEC: email