diff --git a/docs/en_US/oauth2.rst b/docs/en_US/oauth2.rst index 0059ed64f0b..cc4c0704bdd 100644 --- a/docs/en_US/oauth2.rst +++ b/docs/en_US/oauth2.rst @@ -34,12 +34,12 @@ and modify the values for the following parameters: "OAUTH2_AUTHORIZATION_URL", "Endpoint for user authorization" "OAUTH2_SERVER_METADATA_URL", "Server metadata url for your OAuth2 provider" "OAUTH2_API_BASE_URL", "Oauth2 base URL endpoint to make requests simple, ex: *https://api.github.com/*" - "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github) and *userinfo* (for google)" + "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github, or *user/emails* if the user's email address is private) and *userinfo* (for google)," "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. Note that an 'email' claim is required in the resulting profile." "OAUTH2_ICON", "The Font-awesome icon to be placed on the oauth2 button, ex: fa-github" "OAUTH2_BUTTON_COLOR", "Oauth2 button color" "OAUTH2_USERNAME_CLAIM", "The claim which is used for the username. If the value is empty - the email is used as username, but if a value is provided, the claim has to exist. Ex: *oid* (for AzureAD)" + the email is used as username, but if a value is provided, the claim has to exist. Ex: *oid* (for AzureAD), *email* (for Github)" "OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically create a pgAdmin user corresponding to a successfully authenticated Oauth2 user. Please note that password is not stored in the pgAdmin database." diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py index 3db3a854d0b..bda2c4058f3 100644 --- a/web/pgadmin/authenticate/oauth2.py +++ b/web/pgadmin/authenticate/oauth2.py @@ -135,11 +135,41 @@ def get_friendly_name(self): def validate(self, form): return True, None + def get_profile_dict(self, profile): + """ + Returns the dictionary from profile + whether it's a list or dictionary. + Includes additional type checking. + """ + if isinstance(profile, list): + return profile[0] if profile else {} + elif isinstance(profile, dict): + return profile + else: + return {} + def login(self, form): profile = self.get_user_profile() - email_key = \ - [value for value in self.email_keys if value in profile.keys()] - email = profile[email_key[0]] if (len(email_key) > 0) else None + profile_dict = self.get_profile_dict(profile) + + current_app.logger.debug(f"profile: {profile}") + current_app.logger.debug(f"profile_dict: {profile_dict}") + + if not profile_dict: + error_msg = "No profile data found." + current_app.logger.exception(error_msg) + return False, gettext(error_msg) + + email_key = [ + value for value in self.email_keys + if value in profile_dict.keys() + ] + email = profile_dict[email_key[0]] if (len(email_key) > 0) else None + + if not email: + error_msg = "No email found in profile data." + current_app.logger.exception(error_msg) + return False, gettext(error_msg) username = email username_claim = None