Run the registration policy on upstream OAuth registration

2025-07-31 09:24:31 +03:00 · 2023-08-30 18:36:53 +02:00
parent 7fcd022eea
commit 23571e87ea
14 changed files with 207 additions and 41 deletions
--- a/crates/policy/src/lib.rs
+++ b/crates/policy/src/lib.rs
@ -251,6 +251,31 @@ impl Policy {
        Ok(res)
    }

+    #[tracing::instrument(
+        name = "policy.evaluate.upstream_oauth_register",
+        skip_all,
+        fields(
+            input.registration_method = "password",
+            input.user.username = username,
+            input.user.email = email,
+        ),
+        err,
+    )]
+    pub async fn evaluate_upstream_oauth_register(
+        &mut self,
+        username: &str,
+        email: Option<&str>,
+    ) -> Result<EvaluationResult, EvaluationError> {
+        let input = RegisterInput::UpstreamOAuth2 { username, email };
+
+        let [res]: [EvaluationResult; 1] = self
+            .instance
+            .evaluate(&mut self.store, &self.entrypoints.register, &input)
+            .await?;
+
+        Ok(res)
+    }
+
    #[tracing::instrument(skip(self))]
    pub async fn evaluate_client_registration(
        &mut self,
--- a/crates/policy/src/model.rs
+++ b/crates/policy/src/model.rs
@ -56,14 +56,23 @@ impl EvaluationResult {

 /// Input for the user registration policy.
 #[derive(Serialize, Debug)]
-#[serde(tag = "registration_method", rename_all = "snake_case")]
+#[serde(tag = "registration_method")]
 #[cfg_attr(feature = "jsonschema", derive(schemars::JsonSchema))]
 pub enum RegisterInput<'a> {
+    #[serde(rename = "password")]
    Password {
        username: &'a str,
        password: &'a str,
        email: &'a str,
    },
+
+    #[serde(rename = "upstream-oauth2")]
+    UpstreamOAuth2 {
+        username: &'a str,
+
+        #[serde(skip_serializing_if = "Option::is_none")]
+        email: Option<&'a str>,
+    },
 }

 /// Input for the client registration policy.