From c60d3b49ed3bc5bb923842596c2c908a0bee0c0b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Wed, 22 Jan 2025 22:26:17 +0100
Subject: [PATCH 1/7] feat: [pgadminoauth2] add support for oauth2 profile arrays, empty error log
---
 web/pgadmin/authenticate/oauth2.py | 31 ++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index 3db3a854d0b..1fef2b39e47 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -135,11 +135,38 @@ def get_friendly_name(self): def validate(self, form): return True, None + def get_profile_dict(self, profile): + """ + Returns the dictionary from profile whether it's a list or dictionary. + Includes additional type checking. + """ + if isinstance(profile, list): + return profile[0] if profile else {} + elif isinstance(profile, dict): + return profile + else: + return {} + def login(self, form): profile = self.get_user_profile() + profile_dict = self.get_profile_dict(profile) + + current_app.logger.debug(f"profile: {profile}") + current_app.logger.debug(f"profile_dict: {profile_dict}") + + if not profile_dict: + error_msg = "No profile data found." + current_app.logger.exception(error_msg) + return False, gettext(error_msg) + email_key = \ - [value for value in self.email_keys if value in profile.keys()] - email = profile[email_key[0]] if (len(email_key) > 0) else None + [value for value in self.email_keys if value in profile_dict.keys()] + email = profile_dict[email_key[0]] if (len(email_key) > 0) else None + + if not email: + error_msg = "No email found in profile data." + current_app.logger.exception(error_msg) + return False, gettext(error_msg) username = email username_claim = None
From d9cac0da1bf3592ea5b1143c95375db84ea674a6 Mon Sep 17 00:00:00 2001
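Review bot: In the two new failure paths of `login`, `current_app.logger.exception(error_msg)` runs outside any `except` block, so it logs at ERROR level with no active exception (the traceback line reads `NoneType: None`); `current_app.logger.error(error_msg)` is the call intended in both places. The two `logger.debug(f"profile: {profile}")` lines put the provider's full user profile, including the email and any other claims the provider returns, into the application log; if the debugging aid is kept, logging only the keys, e.g. `current_app.logger.debug("profile keys: %s", list(profile_dict))`, gives the same diagnostic value without the personal data. In `get_profile_dict`, `profile[0]` silently takes the first list element; when the list comes from GitHub's `user/emails` endpoint, which the docs patch in this series points users to, the first entry is not necessarily the `primary` or `verified` address, so checking those flags before the address becomes the login identity would be safer. Passing a variable to `gettext(error_msg)` also hides the message from string extraction; calling `gettext` on the literal keeps it translatable. The body of `login` continues past the end of the hunk.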
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Thu, 23 Jan 2025 21:22:17 +0100
Subject: [PATCH 2/7] fix: max line width
---
 web/pgadmin/authenticate/oauth2.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index 1fef2b39e47..18ee97e1c71 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -137,7 +137,8 @@ def validate(self, form): def get_profile_dict(self, profile): """ - Returns the dictionary from profile whether it's a list or dictionary. + Returns the dictionary from profile + whether it's a list or dictionary. Includes additional type checking. """ if isinstance(profile, list):
From 0923c4c4724178ee70069179393ec00a4ed76fe4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Thu, 23 Jan 2025 21:22:24 +0100
Subject: [PATCH 3/7] feat: extend readme
---
 docs/en_US/oauth2.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/en_US/oauth2.rst b/docs/en_US/oauth2.rst
index 0059ed64f0b..cc4c0704bdd 100644
--- a/docs/en_US/oauth2.rst
+++ b/docs/en_US/oauth2.rst
@@ -34,12 +34,12 @@ and modify the values for the following parameters: "OAUTH2_AUTHORIZATION_URL", "Endpoint for user authorization" "OAUTH2_SERVER_METADATA_URL", "Server metadata url for your OAuth2 provider" "OAUTH2_API_BASE_URL", "Oauth2 base URL endpoint to make requests simple, ex: *https://api.github.com/*" - "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github) and *userinfo* (for google)" + "OAUTH2_USERINFO_ENDPOINT", "User Endpoint, ex: *user* (for github, or *user/emails* if the user's email address is private) and *userinfo* (for google)," "OAUTH2_SCOPE", "Oauth scope, ex: 'openid email profile'. Note that an 'email' claim is required in the resulting profile." "OAUTH2_ICON", "The Font-awesome icon to be placed on the oauth2 button, ex: fa-github" "OAUTH2_BUTTON_COLOR", "Oauth2 button color" "OAUTH2_USERNAME_CLAIM", "The claim which is used for the username. If the value is empty - the email is used as username, but if a value is provided, the claim has to exist. Ex: *oid* (for AzureAD)" + the email is used as username, but if a value is provided, the claim has to exist. Ex: *oid* (for AzureAD), *email* (for Github)" "OAUTH2_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically create a pgAdmin user corresponding to a successfully authenticated Oauth2 user. Please note that password is not stored in the pgAdmin database."
From 77777cc9159aa697164638d648d76fabef06b2ff Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Fri, 24 Jan 2025 10:08:26 +0100
Subject: [PATCH 4/7] fix: line widht
---
 web/pgadmin/authenticate/oauth2.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index 18ee97e1c71..c72d4f42c51 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -160,8 +160,10 @@ def login(self, form): current_app.logger.exception(error_msg) return False, gettext(error_msg) - email_key = \ - [value for value in self.email_keys if value in profile_dict.keys()] + email_key =[ + value for value in self.email_keys + if value in profile_dict.keys() + ] email = profile_dict[email_key[0]] if (len(email_key) > 0) else None if not email:
From 61617dabbdd9492c52d5002b36d2a0f469793e6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Fri, 24 Jan 2025 10:10:57 +0100
Subject: [PATCH 5/7] fix: empty line whitespaces
---
 web/pgadmin/authenticate/oauth2.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index c72d4f42c51..3210b6727ec 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -137,7 +137,7 @@ def validate(self, form): def get_profile_dict(self, profile): """ - Returns the dictionary from profile + Returns the dictionary from profile whether it's a list or dictionary. Includes additional type checking. """
@@ -151,15 +151,15 @@ def get_profile_dict(self, profile): def login(self, form): profile = self.get_user_profile() profile_dict = self.get_profile_dict(profile) - + current_app.logger.debug(f"profile: {profile}") current_app.logger.debug(f"profile_dict: {profile_dict}") - + if not profile_dict: error_msg = "No profile data found." current_app.logger.exception(error_msg) return False, gettext(error_msg) - + email_key =[ value for value in self.email_keys if value in profile_dict.keys()
From 70b64bc78851095a5c0b4fde0f3938bec8f304ce Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Fri, 24 Jan 2025 10:52:39 +0100
Subject: [PATCH 6/7] fix whitespace
---
 web/pgadmin/authenticate/oauth2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index 3210b6727ec..e29b58df7c3 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -160,7 +160,7 @@ def login(self, form): current_app.logger.exception(error_msg) return False, gettext(error_msg) - email_key =[ + email_key = [ value for value in self.email_keys if value in profile_dict.keys() ]
From 94065147e508cf23cf1ef8435ae2cb6a3005ec81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Hauser?=
Date: Fri, 24 Jan 2025 14:31:51 +0100
Subject: [PATCH 7/7] fix whitespace
---
 web/pgadmin/authenticate/oauth2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/web/pgadmin/authenticate/oauth2.py b/web/pgadmin/authenticate/oauth2.py
index e29b58df7c3..bda2c4058f3 100644
--- a/web/pgadmin/authenticate/oauth2.py
+++ b/web/pgadmin/authenticate/oauth2.py
@@ -161,7 +161,7 @@ def login(self, form): return False, gettext(error_msg) email_key = [ - value for value in self.email_keys + value for value in self.email_keys if value in profile_dict.keys() ] email = profile_dict[email_key[0]] if (len(email_key) > 0) else None