fix: add documentation and unsets

georchestra · Jun 26, 2024 · 0f177ea · 0f177ea
1 parent bcee8dd
commit 0f177ea
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/docs/pre-authentication.adoc b/docs/pre-authentication.adoc
@@ -30,6 +30,8 @@ The following headers are expected to be received by the Gateway:
 * `preauth-firstname`: the first name of the user (e.g. "Pierre")
 * `preauth-lastname`: the surname of the user (e.g. "Mauduit")
 * `preauth-org`: the organisation identifier (e.g. "geOrchestra")
+* `preauth-provider`: __(optional)__ the external provider (e.g. "myexternalprovider")
+* `preauth-provider-id`: __(optional)__ the external provider identifier (e.g. "user_123456")
 
 == Charset considerations & encoded headers
 
@@ -152,6 +154,8 @@ The following Apache configuration has been used in a setup to interact with the
  RequestHeader unset preauth-firstname
  RequestHeader unset preauth-lastname
  RequestHeader unset preauth-org
+ RequestHeader unset preauth-provider
+ RequestHeader unset preauth-provider-id
 
  # The following ones are used by geOrchestra
  # You can find a list of headers here:
@@ -177,6 +181,8 @@ The following Apache configuration has been used in a setup to interact with the
  RequestHeader set preauth-firstname %{MELLON_GIVEN_NAME}e "expr=-n env('MELLON_GIVEN_NAME')"
  RequestHeader set preauth-lastname %{MELLON_SN}e "expr=-n env('MELLON_SN')"
  RequestHeader set preauth-org %{MELLON_O}e "expr=-n env('MELLON_O')"
+ RequestHeader set preauth-provider myexternalprovider "expr=-n env('MELLON_O')"
+ RequestHeader set preauth-provider-id %{MELLON_EPPN}e "expr=-n env('MELLON_EPPN')"
  # If needed to base64-encode the headers because of them containing accented characters, you can
  # use the following syntax and adapt the other headers above:
  # RequestHeader set preauth-lastname "expr={base64}%{base64:%{env:MELLON_SN}}" "expr=-n env('MELLON_SN')"

diff --git a/.../src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java b/.../src/main/java/org/georchestra/gateway/security/preauth/PreauthAuthenticationManager.java
@@ -113,6 +113,7 @@ public static GeorchestraUser map(Map<String, String> requestHeaders) {
  user.setRoles(roleNames);
  user.setOAuth2Provider(provider);
  user.setOAuth2Uid(providerId);
+ //TODO rename oauth2 fields to a more generic name : externalProvider ?
  return user;
  }
 
@@ -124,5 +125,7 @@ public void removePreauthHeaders(HttpHeaders mutableHeaders) {
  mutableHeaders.remove(PREAUTH_LASTNAME);
  mutableHeaders.remove(PREAUTH_ORG);
  mutableHeaders.remove(PREAUTH_ROLES);
+ mutableHeaders.remove(PREAUTH_PROVIDER);
+ mutableHeaders.remove(PREAUTH_PROVIDER_ID);
  }
 }