fix bug

juanfont · May 9, 2024 · bd78f56 · bd78f56
1 parent 77c6bca
commit bd78f56
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 54 deletions.
diff --git a/hscontrol/oidc.go b/hscontrol/oidc.go
@@ -350,15 +350,15 @@ func extractIDTokenClaims(
 		writer.WriteHeader(http.StatusBadRequest)
 		_, werr := writer.Write([]byte("Failed to decode id token claims"))
 		if werr != nil {
-			util.LogErr(err,"Failed to write response")
+			util.LogErr(err, "Failed to write response")
 		}
 		return nil, err
 	}
 
 	// Unmarshal the claims into a map
 	mappedClaims := make(map[string]interface{})
 	if err := json.Unmarshal(claims, &mappedClaims); err != nil {
-		util.LogErr(err,"Failed to unmarshal id token claims")
+		util.LogErr(err, "Failed to unmarshal id token claims")
 		return nil, err
 	}
 
@@ -388,24 +388,6 @@ func extractIDTokenClaims(
 	return &finalClaims, nil
 }
 
-// {
-// 	var claims IDTokenClaims
-// 	if err := idToken.Claims(&claims); err != nil {
-// 		util.LogErr(err, "Failed to decode id token claims")
-
-// 		writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
-// 		writer.WriteHeader(http.StatusBadRequest)
-// 		_, werr := writer.Write([]byte("Failed to decode id token claims"))
-// 		if werr != nil {
-// 			util.LogErr(err, "Failed to write response")
-// 		}
-
-// 		return nil, err
-// 	}
-
-// 	return &claims, nil
-// }
-
 // validateOIDCAllowedDomains checks that if AllowedDomains is provided,
 // that the authenticated principal ends with @<alloweddomain>.
 func validateOIDCAllowedDomains(
@@ -589,7 +571,7 @@ func getUserName(
 	writer http.ResponseWriter,
 	claims *IDTokenClaims,
 	stripEmaildomain bool,
-) (string, error) {		
+) (string, error) {
 	userName, err := util.NormalizeToFQDNRules(
 		claims.Username,
 		stripEmaildomain,

diff --git a/hscontrol/types/config.go b/hscontrol/types/config.go
@@ -126,34 +126,34 @@ type OIDCConfig struct {
 	ClientSecret               string
 	Scope                      []string
 	ExtraParams                map[string]string
-	ClaimsMap				   OIDCClaimsMap
-	Allowed 				   OIDCAllowedConfig
+	ClaimsMap                  OIDCClaimsMap
+	Allowed                    OIDCAllowedConfig
 	Expiry                     OIDCExpireConfig
-	Misc					   OIDCMiscConfig
+	Misc                       OIDCMiscConfig
 }
 
 type OIDCExpireConfig struct {
-	FromToken 	bool
-	FixedTime 	time.Duration
+	FromToken bool
+	FixedTime time.Duration
 }
 
 type OIDCAllowedConfig struct {
-	Domains 	[]string
-	Users   	[]string
-	Groups  	[]string
+	Domains []string
+	Users   []string
+	Groups  []string
 }
 
 type OIDCClaimsMap struct {
-	Name 		string
-	Username 	string
-	Email 		string
-	Groups 		string
+	Name     string
+	Username string
+	Email    string
+	Groups   string
 }
 
 type OIDCMiscConfig struct {
-	StripEmaildomain 	bool
-	FlattenGroups 		bool
-	FlattenSplter 		string
+	StripEmaildomain bool
+	FlattenGroups    bool
+	FlattenSplter    string
 }
 
 type DERPConfig struct {
@@ -254,9 +254,9 @@ func LoadConfig(path string, isFile bool) error {
 	viper.SetDefault("oidc.claims_map.email", "email")
 	viper.SetDefault("oidc.claims_map.groups", "groups")
 	// misc
-	viper.SetDefault("oidc.strip_email_domain", false)
-	viper.SetDefault("oidc.flatten_groups", false)
-	viper.SetDefault("oidc.flatten_splitter", "/")
+	viper.SetDefault("oidc.misc.strip_email_domain", false)
+	viper.SetDefault("oidc.misc.flatten_groups", false)
+	viper.SetDefault("oidc.misc.flatten_splitter", "/")
 
 	viper.SetDefault("logtail.enabled", false)
 	viper.SetDefault("randomize_client_port", false)
@@ -695,9 +695,9 @@ func GetOIDCConfig() (OIDCConfig, error) {
 	}
 	// get misc config
 	oidcMiscConfig := OIDCMiscConfig{
-		StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
-		FlattenGroups:    viper.GetBool("oidc.flatten_groups"),
-		FlattenSplter:    viper.GetString("oidc.flatten_splitter"),
+		StripEmaildomain: viper.GetBool("oidc.misc.strip_email_domain"),
+		FlattenGroups:    viper.GetBool("oidc.misc.flatten_groups"),
+		FlattenSplter:    viper.GetString("oidc.misc.flatten_splitter"),
 	}
 	// get client secret
 	oidcClientSecret := viper.GetString("oidc.client_secret")
@@ -716,15 +716,15 @@ func GetOIDCConfig() (OIDCConfig, error) {
 		OnlyStartIfOIDCIsAvailable: viper.GetBool(
 			"oidc.only_start_if_oidc_is_available",
 		),
-		Issuer:           viper.GetString("oidc.issuer"),
-		ClientID:         viper.GetString("oidc.client_id"),
-		ClientSecret:     oidcClientSecret,
-		Scope:            viper.GetStringSlice("oidc.scope"),
-		ExtraParams:      viper.GetStringMapString("oidc.extra_params"),
-		Allowed:          oidcAllowed,
-		ClaimsMap:        oidcClaimsMap,
-		Expiry:           oidcExpireConfig,
-		Misc:             oidcMiscConfig,
+		Issuer:       viper.GetString("oidc.issuer"),
+		ClientID:     viper.GetString("oidc.client_id"),
+		ClientSecret: oidcClientSecret,
+		Scope:        viper.GetStringSlice("oidc.scope"),
+		ExtraParams:  viper.GetStringMapString("oidc.extra_params"),
+		Allowed:      oidcAllowed,
+		ClaimsMap:    oidcClaimsMap,
+		Expiry:       oidcExpireConfig,
+		Misc:         oidcMiscConfig,
 	}
 	return OIDC, nil
 }
@@ -810,9 +810,9 @@ func GetHeadscaleConfig() (*Config, error) {
 
 		UnixSocket:           viper.GetString("unix_socket"),
 		UnixSocketPermission: util.GetFileMode("unix_socket_permission"),
-		OIDC: 			  	oidcConfig,
-		LogTail:             logConfig,
-		RandomizeClientPort: randomizeClientPort,
+		OIDC:                 oidcConfig,
+		LogTail:              logConfig,
+		RandomizeClientPort:  randomizeClientPort,
 
 		ACL: GetACLConfig(),