From 4d3901b35d9c70908cf1e0876616bae726a9d84a Mon Sep 17 00:00:00 2001
From: Marie PUPO JEAMMET
Date: Mon, 3 Feb 2025 18:39:51 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8(auth)=20fix=20empty=20name=20from=20P?= =?UTF-8?q?roConnect?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

add proconnect scopes for names to be computed automatically upon user creation This commit fixes the way names are computed from ProConnect claims
---
 CHANGELOG.md | 1 +
 src/backend/core/authentication/backends.py | 3 +--
 src/helm/env.d/dev/values.desk.yaml.gotmpl | 3 ++-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9aa6329..7cccafc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,6 +24,7 @@ and this project adheres to
 ### Fixed
+- ✨(auth) fix empty names from ProConnect #687
 - 🚑️(teams) do not display add button when disallowed #676
 - 🚑️(plugins) fix name from SIRET specific case #674
 - 🐛(api) restrict mailbox sync to enabled domains
diff --git a/src/backend/core/authentication/backends.py b/src/backend/core/authentication/backends.py
index 25c5a00..65ecfec 100644
--- a/src/backend/core/authentication/backends.py
+++ b/src/backend/core/authentication/backends.py
@@ -95,13 +95,12 @@ class OIDCAuthenticationBackend(MozillaOIDCAuthenticationBackend):
 )
 # Get user's full name from OIDC fields defined in settings
- full_name = self.compute_full_name(user_info)
 email = user_info.get("email")
 claims = {
 "sub": sub,
 "email": email,
- "name": full_name,
+ "name": self.compute_full_name(user_info),
 }
 if settings.OIDC_ORGANIZATION_REGISTRATION_ID_FIELD:
 claims[settings.OIDC_ORGANIZATION_REGISTRATION_ID_FIELD] = user_info.get(
diff --git a/src/helm/env.d/dev/values.desk.yaml.gotmpl b/src/helm/env.d/dev/values.desk.yaml.gotmpl
index 28a942d..b13a310 100644
--- a/src/helm/env.d/dev/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl
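Review bot: In `src/backend/core/authentication/backends.py` the comment `# Get user's full name from OIDC fields defined in settings` now sits directly above `email = user_info.get("email")`, because the `full_name` assignment it described was removed. Move it onto the `"name"` entry of `claims`, or reword it to cover the whole dict, e.g. `# Build the claims; "name" is computed from the OIDC fields defined in settings`. As far as the hunk shows, inlining the call does not change behaviour, so the fix appears to rest on the configuration change. A test that passes `given_name` and `usual_name` in `user_info` and asserts a non-empty `"name"` claim would pin the intended result. The enclosing method starts and ends outside the hunk.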
@@ -47,7 +47,8 @@ backend:
 name: backend
 key: OIDC_RP_CLIENT_SECRET
 OIDC_RP_SIGN_ALGO: RS256
- OIDC_RP_SCOPES: "openid email siret"
+ OIDC_RP_SCOPES: "openid email siret given_name usual_name"
+ USER_OIDC_FIELDS_TO_NAME: "given_name,usual_name"
 OIDC_REDIRECT_ALLOWED_HOSTS: https://desk.127.0.0.1.nip.io
 OIDC_AUTH_REQUEST_EXTRA_PARAMS: "{'acr_values': 'eidas1'}"
 ORGANIZATION_PLUGINS: "plugins.organizations.NameFromSiretOrganizationPlugin"
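Review bot: `OIDC_RP_SCOPES` and `USER_OIDC_FIELDS_TO_NAME` now have to stay in step, and nothing on these two added lines says so; they also use different separators (spaces in one, commas in the other), which makes drift easy. A comment above the pair would help, e.g. `# claims listed in USER_OIDC_FIELDS_TO_NAME (comma-separated) must also be requested in OIDC_RP_SCOPES (space-separated)`. This is the dev values file only, so presumably the other environments need the same two values before the empty-name fix takes effect there. Requesting `given_name` and `usual_name` also widens the personal data asked of the identity provider, which is worth recording wherever the scopes of this client are reviewed.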