fix: username mapping of idp (#2977)

* docs: add primary domain scope section to identity brokering guide * fix: register overview * Update external_register_overview.html * fix mapping * fix html Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2024-12-12 02:54:20 +00:00 · 2022-01-11 17:59:12 +01:00 · 2022-01-11 17:59:12 +01:00 · 41ec3321b0
commit 41ec3321b0
parent 2355fcb7cf
4 changed files with 25 additions and 14 deletions
--- a/internal/query/org_domain.go
+++ b/internal/query/org_domain.go
@ -48,6 +48,10 @@ func NewOrgDomainOrgIDSearchQuery(value string) (SearchQuery, error) {
 	return NewTextQuery(OrgDomainOrgIDCol, value, TextEquals)
 }

+func NewOrgDomainVerifiedSearchQuery(verified bool) (SearchQuery, error) {
+	return NewBoolQuery(OrgDomainIsVerifiedCol, verified)
+}
+
 func (q *Queries) SearchOrgDomains(ctx context.Context, queries *OrgDomainSearchQueries) (domains *Domains, err error) {
 	query, scan := prepareDomainsQuery()
 	stmt, args, err := queries.toQuery(query).ToSql()
--- a/internal/ui/login/handler/external_register_handler.go
+++ b/internal/ui/login/handler/external_register_handler.go
@ -117,6 +117,9 @@ func (l *Login) handleExternalUserRegister(w http.ResponseWriter, r *http.Reques
 		return
 	}
 	resourceOwner := iam.GlobalOrgID
+	if authReq.RequestedOrgID != "" {
+		resourceOwner = authReq.RequestedOrgID
+	}
 	orgIamPolicy, err := l.getOrgIamPolicy(r, resourceOwner)
 	if err != nil {
 		l.renderRegisterOption(w, r, authReq, err)
@ -155,11 +158,12 @@ func (l *Login) renderExternalRegisterOverview(w http.ResponseWriter, r *http.Re
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
+
 	data := externalRegisterData{
 		baseData: l.getBaseData(r, authReq, "ExternalRegisterOverview", errID, errMessage),
 		externalRegisterFormData: externalRegisterFormData{
 			Email:     human.EmailAddress,
-			Username:  human.PreferredLoginName,
+			Username:  human.Username,
 			Firstname: human.FirstName,
 			Lastname:  human.LastName,
 			Nickname:  human.NickName,
@ -228,6 +232,9 @@ func (l *Login) mapTokenToLoginHumanAndExternalIDP(orgIamPolicy *query.OrgIAMPol
 			username = tokens.IDTokenClaims.GetEmail()
 		}
 	}
+	if username == "" {
+		username = tokens.IDTokenClaims.GetEmail()
+	}

 	if orgIamPolicy.UserLoginMustBeDomain {
 		splittedUsername := strings.Split(username, "@")
--- a/internal/ui/login/handler/jwt_handler.go
+++ b/internal/ui/login/handler/jwt_handler.go
@ -126,6 +126,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
 		l.renderError(w, r, authReq, err)
 		return
 	}
+
 	user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, authReq.LinkingUsers[len(authReq.LinkingUsers)-1], idpConfig)
 	user, metadata, err = l.customExternalUserToLoginUserMapping(user, tokens, authReq, idpConfig, metadata, resourceOwner)
 	if err != nil {
--- a/internal/ui/login/static/templates/external_register_overview.html
+++ b/internal/ui/login/static/templates/external_register_overview.html
@ -34,6 +34,17 @@
            </div>
        </div>

+        <div class="lgn-field double">
+            <label class="lgn-label" for="username">{{t "ExternalRegistrationUserOverview.UsernameLabel"}}</label>
+            <div class="lgn-suffix-wrapper">
+                <input class="lgn-input lgn-suffix-input" type="text" id="username" name="username"
+                       value="{{ .Username }}" required>
+                {{if .DisplayLoginNameSuffix}}
+                <span id="default-login-suffix" lgnsuffix class="loginname-suffix">@{{.PrimaryDomain}}</span>
+                {{end}}
+            </div>
+        </div>
+
        <div class="lgn-field double">
            <label class="lgn-label" for="email">{{t "ExternalRegistrationUserOverview.EmailLabel"}}</label>
            <input class="lgn-input" type="text" id="email" name="email" autocomplete="email" value="{{ .Email }}" required>
@ -44,18 +55,6 @@
            <input class="lgn-input" type="text" id="phone" name="phone" autocomplete="tel" value="{{ .Phone }}">
        </div>

-        {{if .ShowUsername}}
-        <div class="lgn-field double">
-            <label class="lgn-label" for="username">{{t "ExternalRegistrationUserOverview.UsernameLabel"}}</label>
-            <div class="lgn-suffix-wrapper">
-                <input class="lgn-input lgn-suffix-input" type="text" id="username" name="username" autocomplete="email" value="{{ .Email }}" required>
-                {{if .DisplayLoginNameSuffix}}
-                <span id="default-login-suffix" lgnsuffix class="loginname-suffix">@{{.PrimaryDomain}}</span>
-                {{end}}
-            </div>
-        </div>
-        {{end}}
-
        <div class="double-col">
            <div class="lgn-field">
                <label class="lgn-label" for="languages">{{t "ExternalRegistrationUserOverview.LanguageLabel"}}</label>
@ -111,4 +110,4 @@
 <script src="{{ resourceUrl "scripts/form_submit.js" }}"></script>
 <script src="{{ resourceUrl "scripts/default_form_validation.js" }}"></script>

-{{template "main-bottom" .}}
+{{template "main-bottom" .}}