From 41ec3321b0b7704d93a97da22b0ded9bd94abccd Mon Sep 17 00:00:00 2001
From: Fabi <38692350+fgerschwiler@users.noreply.github.com>
Date: Tue, 11 Jan 2022 17:59:12 +0100
Subject: [PATCH] fix: username mapping of idp (#2977)
* docs: add primary domain scope section to identity brokering guide
* fix: register overview
* Update external_register_overview.html
* fix mapping
* fix html
Co-authored-by: Livio Amstutz
---
 internal/query/org_domain.go | 4 +++
 .../handler/external_register_handler.go | 9 ++++++-
 internal/ui/login/handler/jwt_handler.go | 1 +
 .../templates/external_register_overview.html | 25 +++++++++----------
 4 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/internal/query/org_domain.go b/internal/query/org_domain.go
index b02ef6874e..31dc64c4f0 100644
--- a/internal/query/org_domain.go
+++ b/internal/query/org_domain.go
@@ -48,6 +48,10 @@ func NewOrgDomainOrgIDSearchQuery(value string) (SearchQuery, error) {
 return NewTextQuery(OrgDomainOrgIDCol, value, TextEquals)
 }
+func NewOrgDomainVerifiedSearchQuery(verified bool) (SearchQuery, error) {
+ return NewBoolQuery(OrgDomainIsVerifiedCol, verified)
+}
+
 func (q *Queries) SearchOrgDomains(ctx context.Context, queries *OrgDomainSearchQueries) (domains *Domains, err error) {
 query, scan := prepareDomainsQuery()
 stmt, args, err := queries.toQuery(query).ToSql()
diff --git a/internal/ui/login/handler/external_register_handler.go b/internal/ui/login/handler/external_register_handler.go
index 96db3500b4..9382d43db3 100644
--- a/internal/ui/login/handler/external_register_handler.go
+++ b/internal/ui/login/handler/external_register_handler.go
@@ -117,6 +117,9 @@ func (l *Login) handleExternalUserRegister(w http.ResponseWriter, r *http.Reques
 return
 }
 resourceOwner := iam.GlobalOrgID
+ if authReq.RequestedOrgID != "" {
+ resourceOwner = authReq.RequestedOrgID
+ }
 orgIamPolicy, err := l.getOrgIamPolicy(r, resourceOwner)
 if err != nil {
 l.renderRegisterOption(w, r, authReq, err)
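Review bot: In the `@@ -117` hunk of external_register_handler.go, `resourceOwner` is now taken from `authReq.RequestedOrgID` with no check visible here that the requested organisation exists or allows self-registration through this IdP. That value presumably originates from a client-supplied scope, and it selects the org IAM policy fetched on the next line and, it appears, the organisation the new user is created under. The validation should therefore be explicit or at least documented at this point, e.g. `// RequestedOrgID is validated when the auth request is created; see <validation site>`. jwt_handler.go also passes a `resourceOwner` into the user mapping; if it is derived the same way, a small shared helper would keep the two paths from drifting. handleExternalUserRegister starts and ends outside the hunk.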
@@ -155,11 +158,12 @@ func (l *Login) renderExternalRegisterOverview(w http.ResponseWriter, r *http.Re
 if err != nil {
 errID, errMessage = l.getErrorMessage(r, err)
 }
+
 data := externalRegisterData{
 baseData: l.getBaseData(r, authReq, "ExternalRegisterOverview", errID, errMessage),
 externalRegisterFormData: externalRegisterFormData{
 Email: human.EmailAddress,
- Username: human.PreferredLoginName,
+ Username: human.Username,
 Firstname: human.FirstName,
 Lastname: human.LastName,
 Nickname: human.NickName,
@@ -228,6 +232,9 @@ func (l *Login) mapTokenToLoginHumanAndExternalIDP(orgIamPolicy *query.OrgIAMPol
 username = tokens.IDTokenClaims.GetEmail()
 }
 }
+ if username == "" {
+ username = tokens.IDTokenClaims.GetEmail()
+ }
 if orgIamPolicy.UserLoginMustBeDomain {
 splittedUsername := strings.Split(username, "@")
diff --git a/internal/ui/login/handler/jwt_handler.go b/internal/ui/login/handler/jwt_handler.go
index cd6c9f0bc9..8e57e71354 100644
--- a/internal/ui/login/handler/jwt_handler.go
+++ b/internal/ui/login/handler/jwt_handler.go
@@ -126,6 +126,7 @@ func (l *Login) jwtExtractionUserNotFound(w http.ResponseWriter, r *http.Request
 l.renderError(w, r, authReq, err)
 return
 }
+
 user, externalIDP, metadata := l.mapExternalUserToLoginUser(orgIamPolicy, authReq.LinkingUsers[len(authReq.LinkingUsers)-1], idpConfig)
 user, metadata, err = l.customExternalUserToLoginUserMapping(user, tokens, authReq, idpConfig, metadata, resourceOwner)
 if err != nil {
diff --git a/internal/ui/login/static/templates/external_register_overview.html b/internal/ui/login/static/templates/external_register_overview.html
index b9b58abf3f..c836c1fe03 100644
--- a/internal/ui/login/static/templates/external_register_overview.html
+++ b/internal/ui/login/static/templates/external_register_overview.html
@@ -34,6 +34,17 @@ +
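Review bot: In the `@@ -228` hunk of external_register_handler.go, the new fallback leaves `username` empty when the ID token carries no email claim, and the following `strings.Split(username, "@")` under `UserLoginMustBeDomain` then operates on an empty string. The fallback also adopts the IdP's email claim as the login name without checking whether the provider marked it verified; that value is controlled by the external provider, so it is worth deciding explicitly whether an unverified email may seed the username. I would add a guard after the fallback, `if username == "" { /* reject, or leave the field for the user to fill in on the overview form */ }`, plus a comment stating the trust assumption about the claim. mapTokenToLoginHumanAndExternalIDP begins and ends outside the hunk, so how it reports such a case to its caller is not visible here.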
+ +
+ + {{if .DisplayLoginNameSuffix}} + @{{.PrimaryDomain}} + {{end}} +
+
+
@@ -44,18 +55,6 @@
- {{if .ShowUsername}} -
- -
- - {{if .DisplayLoginNameSuffix}} - @{{.PrimaryDomain}} - {{end}} -
-
- {{end}} -
@@ -111,4 +110,4 @@
-{{template "main-bottom" .}}
\ No newline at end of file
+{{template "main-bottom" .}}