
🐛 Add missing email scope to OIDC backend.

And additionally emit a warn log message about the error.
This commit is contained in:
Andrey Antukh 2021-05-27 11:37:31 +02:00
parent f8f506a8be
commit e8919ee340
3 changed files with 18 additions and 4 deletions


@ -109,6 +109,17 @@
:cause e) :cause e)
nil))) nil)))
(s/def ::backend ::us/not-empty-string)
(s/def ::email ::us/not-empty-string)
(s/def ::fullname ::us/not-empty-string)
(s/def ::props (s/map-of ::us/keyword any?))
(s/def ::info
(s/keys :req-un [::backend
::email
::fullname
::props]))
(defn retrieve-info (defn retrieve-info
[{:keys [tokens provider] :as cfg} request] [{:keys [tokens provider] :as cfg} request]
(let [state (get-in request [:params :state]) (let [state (get-in request [:params :state])
@ -116,7 +127,10 @@
info (some->> (get-in request [:params :code]) info (some->> (get-in request [:params :code])
(retrieve-access-token cfg) (retrieve-access-token cfg)
(retrieve-user-info cfg))] (retrieve-user-info cfg))]
(when-not info
(when-not (s/valid? ::info info)
(l/warn :hint "received incomplete profile info object (please set correct scopes)"
:info (pr-str info))
(ex/raise :type :internal (ex/raise :type :internal
:code :unable-to-auth :code :unable-to-auth
:hint "no user info")) :hint "no user info"))
@ -236,7 +250,7 @@
:token-uri (cf/get :oidc-token-uri) :token-uri (cf/get :oidc-token-uri)
:auth-uri (cf/get :oidc-auth-uri) :auth-uri (cf/get :oidc-auth-uri)
:user-uri (cf/get :oidc-user-uri) :user-uri (cf/get :oidc-user-uri)
:scopes (cf/get :oidc-scopes #{"openid" "profile"}) :scopes (cf/get :oidc-scopes #{"openid" "profile" "email"})
:roles-attr (cf/get :oidc-roles-attr) :roles-attr (cf/get :oidc-roles-attr)
:roles (cf/get :oidc-roles) :roles (cf/get :oidc-roles)
:name "oidc"}] :name "oidc"}]
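Review bot: The new warn log in the validation branch prints the entire user-info object with `(pr-str info)`, so every failed validation writes the provider's profile claims (email, fullname, and whatever ends up under props) into the server log. Since the message exists to tell the operator which scopes are missing, logging the keys that were received is enough for that: `:info (pr-str (keys info))`, or the `::s/problems` paths from `(s/explain-data ::info info)` with the value itself left out. That also keeps the log line bounded if a provider returns a large claims map. retrieve-info continues past the end of this hunk.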


@ -42,7 +42,7 @@ PENPOT_REGISTRATION_ENABLED=true
# Comma separated list of allowed domains to register. Empty for allow # Comma separated list of allowed domains to register. Empty for allow
# all. # all.
PENPOT_REGISTRATION_DOMAIN_WHITELIST="" # PENPOT_REGISTRATION_DOMAIN_WHITELIST=""
# Penpot comes with the facility to create quick demo users that are # Penpot comes with the facility to create quick demo users that are
# automatically deleted after some time. This settings enables or # automatically deleted after some time. This settings enables or


@ -97,7 +97,7 @@ update_registration_enabled() {
fi fi
} }
update_registration_enabled() { update_analytics_enabled() {
if [ -n "$PENPOT_ANALYTICS_ENABLED" ]; then if [ -n "$PENPOT_ANALYTICS_ENABLED" ]; then
sed -i \ sed -i \
-e "s|^//var penpotAnalyticsEnabled = .*;|var penpotAnalyticsEnabled = $PENPOT_ANALYTICS_ENABLED;|g" \ -e "s|^//var penpotAnalyticsEnabled = .*;|var penpotAnalyticsEnabled = $PENPOT_ANALYTICS_ENABLED;|g" \