From fd65220b91ee03788b960b377d906897f469b213 Mon Sep 17 00:00:00 2001
From: mr
Date: Wed, 27 Nov 2024 12:36:37 +0100
Subject: [PATCH] add groups in claims
---
 infrastructure/auth_connector/hydra_connector.go | 2 +-
 infrastructure/claims/claims.go | 8 ++++++--
 infrastructure/claims/hydra_claims.go | 12 ++++++++++--
 3 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/infrastructure/auth_connector/hydra_connector.go b/infrastructure/auth_connector/hydra_connector.go
index 0d3a2ef..eda0829 100644
--- a/infrastructure/auth_connector/hydra_connector.go
+++ b/infrastructure/auth_connector/hydra_connector.go
@@ -184,7 +184,7 @@ func (a HydraConnector) Login(username string, cookies ...*http.Cookie) (t *Toke
 now = now.Add(time.Duration(token.ExpiresIn) * time.Second)
 unix := now.Unix()
- c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer).Url)
+ c := claims.GetClaims().AddClaimsToToken(username, pp.Data[0].(*peer.Peer))
 c.Session.AccessToken["exp"] = unix
 b, _ = json.Marshal(c)
diff --git a/infrastructure/claims/claims.go b/infrastructure/claims/claims.go
index bca9ee9..f326b07 100644
--- a/infrastructure/claims/claims.go
+++ b/infrastructure/claims/claims.go
@@ -1,10 +1,14 @@
 package claims
-import "oc-auth/conf"
+import (
+ "oc-auth/conf"
+
+ "cloud.o-forge.io/core/oc-lib/models/peer"
+)
 // Tokenizer interface
 type ClaimService interface {
- AddClaimsToToken(userId string, host string) Claims
+ AddClaimsToToken(userId string, peer *peer.Peer) Claims
 DecodeClaimsInToken(host string, method string, forward string, sessionClaims Claims, publicKey string, external bool) (bool, error)
 }
diff --git a/infrastructure/claims/hydra_claims.go b/infrastructure/claims/hydra_claims.go
index b7bba25..6389253 100644
--- a/infrastructure/claims/hydra_claims.go
+++ b/infrastructure/claims/hydra_claims.go
@@ -11,6 +11,7 @@ import (
 "strings"
 "time"
+ "cloud.o-forge.io/core/oc-lib/models/peer"
 "cloud.o-forge.io/core/oc-lib/tools"
 )
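Review bot: The new call still indexes and type-asserts without a check, `pp.Data[0].(*peer.Peer)`, so an empty Data slice or an element of another type panics inside Login instead of failing the login; the removed line had the same shape, but now the pointer itself is handed on and dereferenced in AddClaimsToToken, which makes a guard here worth adding. A comma-ok form such as `p, ok := pp.Data[0].(*peer.Peer)` preceded by a `len(pp.Data) == 0` check, bailing out of Login on either failure, keeps a malformed peer lookup from taking the handler down. The `b, _ = json.Marshal(c)` on the last context line also discards its error, so a token that fails to serialize is silently emitted as whatever b held before. Login starts and ends outside the hunk.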
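Review bot: The new interface method names its parameter `peer` while the same signature references the package `peer` for its type; this compiles, since the parameter's scope only starts at the body, but it reads as if the package were shadowed, and the implementation in hydra_claims.go calls the same parameter `p`. Aligning the two as `AddClaimsToToken(userId string, p *peer.Peer) Claims` removes the ambiguity. The `// Tokenizer interface` comment above the type also still does not start with the type name `ClaimService`, which the Go doc convention expects.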
@@ -125,7 +126,7 @@ func (h HydraClaims) DecodeClaimsInToken(host string, method string, forward str
 }
 // add claims to token method of HydraTokenizer
-func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
+func (h HydraClaims) AddClaimsToToken(userId string, p *peer.Peer) Claims {
 claims := Claims{}
 perms, err := perms_connectors.KetoConnector{}.GetPermissionByUser(userId, true)
 if err != nil {
@@ -140,10 +141,17 @@ func (h HydraClaims) AddClaimsToToken(userId string, host string) Claims {
 }
 claims.Session.AccessToken[key] = perm.Subject
 }
- sign, err := h.encodeSignature(host)
+ sign, err := h.encodeSignature(p.Url)
 if err != nil {
 return claims
 }
+ claims.Session.IDToken["peer_id"] = p.UUID
+ // we should get group from user
+ groups, err := perms_connectors.KetoConnector{}.GetGroupByUser(userId)
+ if err != nil {
+ return claims
+ }
+ claims.Session.IDToken["groups"] = groups
 claims.Session.IDToken["signature"] = sign
 return claims
 }
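Review bot: The comment `// add claims to token method of HydraTokenizer` above the changed signature neither starts with the method name nor says what the new peer argument is for, so a reader has to scan the body to learn that the peer supplies both the signature input and an ID-token claim. A doc comment along the lines of `// AddClaimsToToken builds the session claims for userId: permissions from Keto go into the access token; the peer UUID, the user's groups and a signature derived from p.Url go into the ID token. On any lookup failure the partially filled claims are returned as-is.` would make the contract, including its lenient failure mode, explicit. It is also worth stating that `p` must be non-nil, since the body dereferences it unconditionally. The method body continues into the next hunk.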
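Review bot: When `GetGroupByUser` fails the new code returns `claims` with `peer_id` already set but no `groups` and no `signature` entry, and because the method has no error result the caller in hydra_connector.go marshals that value into the issued token unchanged; a relying party cannot tell a failed group lookup from a user with no groups, and the earlier `encodeSignature` early return has the same shape. If the ClaimService interface cannot grow an error result, the failure should at least be logged and the comment `// we should get group from user` replaced by one that states the actual behaviour, e.g. `// group lookup failure yields a token without groups or signature`. Note also that `sign` is derived from `p.Url` alone before `peer_id` and `groups` are added, so if consumers use the signature to trust the ID token contents (encodeSignature is outside the hunk, so this is inferred) the new claims are not covered by it. `p.Url` and `p.UUID` are dereferenced without a nil check; a leading `if p == nil { return claims }` would match the method's existing failure style. The method's signature is in the previous hunk.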