barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-04-30 09:28:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(oidc): support for all in-spec attributes and scopes (#777)

Browse Source 
* feat(oidc): support for all in-spec attributes and scopes

* add tests

* assert phone/email verified when either is set

* update tests

* add claims back to userinfo

* remove redundant column drop in migration

* fix duplicate migration id

* fix clobbered imports post-rebase
This commit is contained in:
Scott McKendry
2026-04-28 04:25:52 +12:00
committed by GitHub
parent c364b8682c
commit 5d95123dcb
19 changed files with 687 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/controller/user_controller.go
+35 -2
View File
@@ -4,6 +4,7 @@ import (
"fmt"
"time"
"github.com/tinyauthapp/tinyauth/internal/config"
"github.com/tinyauthapp/tinyauth/internal/repository"
"github.com/tinyauthapp/tinyauth/internal/service"
"github.com/tinyauthapp/tinyauth/internal/utils"
@@ -105,16 +106,32 @@ func (controller *UserController) loginHandler(c *gin.Context) {
controller.auth.RecordLoginAttempt(req.Username, true)
var localUser *config.User
if userSearch.Type == "local" {
user := controller.auth.GetLocalUser(userSearch.Username)
localUser = &user
}
if userSearch.Type == "local" && localUser != nil {
user := *localUser
if user.TotpSecret != "" {
tlog.App.Debug().Str("username", req.Username).Msg("User has TOTP enabled, requiring TOTP verification")
name := user.Attributes.Name
if name == "" {
name = utils.Capitalize(user.Username)
}
email := user.Attributes.Email
if email == "" {
email = utils.CompileUserEmail(user.Username, controller.config.CookieDomain)
}
err := controller.auth.CreateSessionCookie(c, &repository.Session{
Username: user.Username,
Name: utils.Capitalize(user.Username),
Email: utils.CompileUserEmail(user.Username, controller.config.CookieDomain),
Name: name,
Email: email,
Provider: "local",
TotpPending: true,
})
@@ -144,6 +161,15 @@ func (controller *UserController) loginHandler(c *gin.Context) {
Provider: "local",
}
if userSearch.Type == "local" && localUser != nil {
if localUser.Attributes.Name != "" {
sessionCookie.Name = localUser.Attributes.Name
}
if localUser.Attributes.Email != "" {
sessionCookie.Email = localUser.Attributes.Email
}
}
if userSearch.Type == "ldap" {
sessionCookie.Provider = "ldap"
}
@@ -258,6 +284,13 @@ func (controller *UserController) totpHandler(c *gin.Context) {
Provider: "local",
}
if user.Attributes.Name != "" {
sessionCookie.Name = user.Attributes.Name
}
if user.Attributes.Email != "" {
sessionCookie.Email = user.Attributes.Email
}
tlog.App.Trace().Interface("session_cookie", sessionCookie).Msg("Creating session cookie")
err = controller.auth.CreateSessionCookie(c, &sessionCookie)