mirror of https://github.com/penpot/penpot.git synced 2025-03-11 07:11:32 -05:00

🐛 Add missing email scope to OIDC backend.

Additionally, emit a warn log message about the error.
Andrey Antukh 2021-05-27 11:37:31 +02:00
parent f8f506a8be
commit e8919ee340
3 changed files with 18 additions and 4 deletions


@ -109,6 +109,17 @@
:cause e)
nil)))
(s/def ::backend ::us/not-empty-string)
(s/def ::email ::us/not-empty-string)
(s/def ::fullname ::us/not-empty-string)
(s/def ::props (s/map-of ::us/keyword any?))
(s/def ::info
(s/keys :req-un [::backend
::email
::fullname
::props]))
(defn retrieve-info
[{:keys [tokens provider] :as cfg} request]
(let [state (get-in request [:params :state])
@ -116,7 +127,10 @@
info (some->> (get-in request [:params :code])
(retrieve-access-token cfg)
(retrieve-user-info cfg))]
(when-not info
(when-not (s/valid? ::info info)
(l/warn :hint "received incomplete profile info object (please set correct scopes)"
:info (pr-str info))
(ex/raise :type :internal
:code :unable-to-auth
:hint "no user info"))
@ -236,7 +250,7 @@
:token-uri (cf/get :oidc-token-uri)
:auth-uri (cf/get :oidc-auth-uri)
:user-uri (cf/get :oidc-user-uri)
:scopes (cf/get :oidc-scopes #{"openid" "profile"})
:scopes (cf/get :oidc-scopes #{"openid" "profile" "email"})
:roles-attr (cf/get :oidc-roles-attr)
:roles (cf/get :oidc-roles)
:name "oidc"}]
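Review bot: The new `l/warn` call in `retrieve-info` writes the whole identity-provider response to the log through `:info (pr-str info)`, so the user's email, full name and whatever claims are carried in `:props` land in log storage each time validation fails. Logging only what is needed to diagnose a scope problem would be enough, for example `:backend (:backend info)` and `:keys (pr-str (keys info))` in place of `:info (pr-str info)`. The raised error still carries `:hint "no user info"` although the branch now also fires for an object that is present but incomplete; `:hint "incomplete user info"` would match the new condition. The body of `retrieve-info` continues outside the hunk.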


@ -42,7 +42,7 @@ PENPOT_REGISTRATION_ENABLED=true
# Comma separated list of allowed domains to register. Empty for allow
# all.
PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
# PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
# Penpot comes with the facility to create quick demo users that are
# automatically deleted after some time. This settings enables or


@ -97,7 +97,7 @@ update_registration_enabled() {
fi
}
update_registration_enabled() {
update_analytics_enabled() {
if [ -n "$PENPOT_ANALYTICS_ENABLED" ]; then
sed -i \
-e "s|^//var penpotAnalyticsEnabled = .*;|var penpotAnalyticsEnabled = $PENPOT_ANALYTICS_ENABLED;|g" \