feat: Add OIDC_USER_CLAIM (#3422)

* feat: Add OIDC_USER_CLAIM

* fix: add validation
tba-code
2024-04-04 16:16:54 -05:00
committed by GitHub
parent fa9a2d64f7
commit 1099e30a1d
3 changed files with 6 additions and 2 deletions


@@ -34,7 +34,7 @@ class OpenIDProvider(AuthProvider[OIDCRequest]):
repos = get_repositories(self.session)
user = self.try_get_user(claims.get("email"))
user = self.try_get_user(claims.get(settings.OIDC_USER_CLAIM))
group_claim = claims.get("groups", [])
is_admin = settings.OIDC_ADMIN_GROUP in group_claim if settings.OIDC_ADMIN_GROUP else False
is_valid_user = settings.OIDC_USER_GROUP in group_claim if settings.OIDC_USER_GROUP else True
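Review bot: The new `claims.get(settings.OIDC_USER_CLAIM)` lookup binds the local account to whatever value the configured claim carries, and OIDC Core says `preferred_username` must not be relied on to be unique or stable, so an IdP that lets users edit it could match one person to another person's account (the same applies to `email` when `email_verified` is not checked). The claim can also be missing from the token, in which case `None` is passed straight to `try_get_user`; a guard that logs the missing claim name and rejects the login would make that case explicit. How `try_get_user` matches the value is not visible in this hunk, so the actual exposure depends on which field it compares against. I would at least record the assumption above the lookup, e.g. `# identity key is operator-chosen; only safe if the IdP guarantees this claim is unique and immutable`.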


@@ -183,6 +183,7 @@ class AppSettings(BaseSettings):
OIDC_PROVIDER_NAME: str = "OAuth"
OIDC_REMEMBER_ME: bool = False
OIDC_SIGNING_ALGORITHM: str = "RS256"
OIDC_USER_CLAIM: str = "email"
@property
def OIDC_READY(self) -> bool:
@@ -190,7 +191,9 @@ class AppSettings(BaseSettings):
required = {self.OIDC_CLIENT_ID, self.OIDC_CONFIGURATION_URL}
not_none = None not in required
return self.OIDC_AUTH_ENABLED and not_none
valid_user_claim = self.OIDC_USER_CLAIM in ["email", "preferred_username"]
return self.OIDC_AUTH_ENABLED and not_none and valid_user_claim
# ===============================================
# Testing Config
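Review bot: An unsupported `OIDC_USER_CLAIM` makes `OIDC_READY` return False with no error or log, so a typo in the setting looks exactly like OIDC being switched off, and the instance presumably falls back to whatever other login methods are enabled. Rejecting the value when settings load would be clearer, for example `OIDC_USER_CLAIM: Literal["email", "preferred_username"] = "email"` (this needs `Literal` from `typing`; the import block is outside these hunks), which also removes the need for the hard-coded list in `OIDC_READY`. If the property check stays, a warning that names the rejected value would tell operators why OIDC is unavailable. The body of `OIDC_READY` begins outside the second hunk, so any earlier checks in it are not visible here.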