From 38a4683babd66222e06f922d32fffb7c7fe0b6ce Mon Sep 17 00:00:00 2001
From: Livio Amstutz
Date: Wed, 7 Jul 2021 11:51:20 +0200
Subject: [PATCH] fix: role assertion (#1986)
* fix: enum to display access token role assertion
* improve assertion descriptions
* fix nil pointer
---
 .../projects/apps/app-detail/app-detail.component.html | 2 +-
 console/src/assets/i18n/de.json | 6 +++---
 console/src/assets/i18n/en.json | 8 ++++----
 .../project/repository/eventsourcing/model/api_config.go | 2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/console/src/app/pages/projects/apps/app-detail/app-detail.component.html b/console/src/app/pages/projects/apps/app-detail/app-detail.component.html
index a64c0bce32..50695bc427 100644
--- a/console/src/app/pages/projects/apps/app-detail/app-detail.component.html
+++ b/console/src/app/pages/projects/apps/app-detail/app-detail.component.html
@@ -259,7 +259,7 @@ - {{'APP.OIDC.ACCESSTOKENROLEASSERTION' | translate}}
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 8b123c4afd..f98d38804d 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -907,7 +907,7 @@
 "SELECTGROUPTOOLTIP": "Wähle alle Rollen der Gruppe {{group}} aus.",
 "OPTIONS": "Optionen",
 "ASSERTION": "Rollen bei Authentisierung mitschicken",
- "ASSERTION_DESCRIPTION": "Rolleninformationen werden der Authentisierung per Token, UserInfo Endpoint oder anderen Methoden bereitgestellt, die in Applikationseinstellungen definiert sind.",
+ "ASSERTION_DESCRIPTION": "Rolleninformationen werden auf dem UserInfo Endpoint oder je nach Applikationseinstellungen in Tokens oder anderen Methoden bereitgestellt.",
 "CHECK": "Rollen bei Authentisierung prüfen",
 "CHECK_DESCRIPTION": "Ist das Attribut gesetzt, kann ein Benutzer nur mit einem entsprechenden Rolle authentifiziert werden."
 },
@@ -1172,9 +1172,9 @@
 "OVERVIEWSECTION": "Übersicht",
 "OVERVIEWTITLE": "Deine Konfiguration ist bereit. Du kannst sie hier nochmals prüfen.",
 "ACCESSTOKENROLEASSERTION": "Benutzerrollen dem Access Token hinzufügen",
- "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+ "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Access Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
 "IDTOKENROLEASSERTION": "Benutzerrollen im ID Token",
- "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem Id Token die Rollen des Authentifizierten Benutzers hinzugefügt.",
+ "IDTOKENROLEASSERTION_DESCRIPTION": "Bei Auswahl werden dem ID Token die angeforderten Rollen des authentifizierten Benutzers hinzugefügt.",
 "IDTOKENUSERINFOASSERTION": "User Info im ID Token",
 "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Ermöglich OIDC clients claims von profile, email, phone und address direkt vom ID Token zu beziehen.",
 "CLOCKSKEW": "ermöglicht Clients, den Taktversatz von OP und Client zu verarbeiten. Die Dauer (0-5s) wird der exp addiert und von iats, auth_time und nbf abgezogen.",
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 88a621132b..d3f3be4e7d 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -908,8 +908,8 @@
 "CREATIONDATE": "Created",
 "SELECTGROUPTOOLTIP": "Select all Roles of the group {{group}}.",
 "OPTIONS": "Options",
- "ASSERTION": "Assert Roles on Authentication.",
- "ASSERTION_DESCRIPTION": "Roleinformation is sent as Token, Userinfo endpoint or other type, depending on your application settings.",
+ "ASSERTION": "Assert Roles on Authentication",
+ "ASSERTION_DESCRIPTION": "Role information is sent from Userinfo endpoint and depending on your application settings in tokens and other types.",
 "CHECK": "Check roles on Authentication",
 "CHECK_DESCRIPTION": "If set, users are only allowed to authenticate if any role is assigned to their account."
 },
@@ -1175,9 +1175,9 @@
 "OVERVIEWSECTION": "Overview",
 "OVERVIEWTITLE": "You are now done. Review your configuration.",
 "ACCESSTOKENROLEASSERTION": "Add user roles to the access token",
- "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the access token.",
+ "ACCESSTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the access token.",
 "IDTOKENROLEASSERTION": "User roles inside ID Token",
- "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the roles of the authenticated user are added to the ID token.",
+ "IDTOKENROLEASSERTION_DESCRIPTION": "If selected, the requested roles of the authenticated user are added to the ID token.",
 "IDTOKENUSERINFOASSERTION": "User Info inside ID Token",
 "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Enables clients to retrieve profile, email, phone and address claims from ID token.",
 "CLOCKSKEW": "Enables clients to handle clock skew of OP and client. The duration (0-5s) will be added to exp claim and subtracted from iats, auth_time and nbf.",
diff --git a/internal/project/repository/eventsourcing/model/api_config.go b/internal/project/repository/eventsourcing/model/api_config.go
index fe666dfba2..06aae490a3 100644
--- a/internal/project/repository/eventsourcing/model/api_config.go
+++ b/internal/project/repository/eventsourcing/model/api_config.go
@@ -73,7 +73,7 @@ func (p *Project) appendChangeAPIConfigEvent(event *es_models.Event) error {
 }
 if i, a := GetApplication(p.Applications, config.AppID); a != nil {
- if p.Applications[i].OIDCConfig == nil {
+ if p.Applications[i].APIConfig == nil {
 return errors.ThrowInvalidArgument(nil, "MODEL-ADbsd", "api config is nil")
 }
 return p.Applications[i].APIConfig.setData(event)
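Review bot: The corrected guard `if p.Applications[i].APIConfig == nil` ships without a regression test, so the copy-paste slip it fixes (testing `OIDCConfig` before calling `APIConfig.setData`) could come back unnoticed. The path suggests this is an event-sourcing reducer, so a nil dereference here would presumably break every replay of the affected project. That makes it worth pinning with a test case for `appendChangeAPIConfigEvent` that applies a change event to an application without an API config and expects the invalid-argument error. A one-line comment above the check would also help, e.g. `// setData is called on APIConfig below; reject the event if the app has no API config`. The function starts and ends outside the hunk, so the `a == nil` path is not visible here.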