diff --git a/crates/cli/src/commands/manage.rs b/crates/cli/src/commands/manage.rs
index 5a362828..9c8cd30f 100644
--- a/crates/cli/src/commands/manage.rs
+++ b/crates/cli/src/commands/manage.rs
@@ -15,7 +15,7 @@
 use anyhow::Context;
 use clap::{Parser, ValueEnum};
 use mas_config::{DatabaseConfig, PasswordsConfig, RootConfig};
-use mas_data_model::{Device, TokenType};
+use mas_data_model::{Device, TokenType, UpstreamOAuthProviderClaimsImports};
 use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
 use mas_router::UrlBuilder;
 use mas_storage::{
@@ -375,6 +375,7 @@ impl Options {
                     token_endpoint_signing_alg,
                     client_id.clone(),
                     encrypted_client_secret,
+                    UpstreamOAuthProviderClaimsImports::default(),
                 )
                 .await?;
 
diff --git a/crates/data-model/src/upstream_oauth2/mod.rs b/crates/data-model/src/upstream_oauth2/mod.rs
index f4b4cd66..1af1b0d0 100644
--- a/crates/data-model/src/upstream_oauth2/mod.rs
+++ b/crates/data-model/src/upstream_oauth2/mod.rs
@@ -20,6 +20,7 @@ pub use self::{
     link::UpstreamOAuthLink,
     provider::{
         ClaimsImports as UpstreamOAuthProviderClaimsImports,
+        ImportAction as UpstreamOAuthProviderImportAction,
         ImportPreference as UpstreamOAuthProviderImportPreference, UpstreamOAuthProvider,
     },
     session::{UpstreamOAuthAuthorizationSession, UpstreamOAuthAuthorizationSessionState},
diff --git a/crates/handlers/src/upstream_oauth2/link.rs b/crates/handlers/src/upstream_oauth2/link.rs
index 0248bad9..f22e631a 100644
--- a/crates/handlers/src/upstream_oauth2/link.rs
+++ b/crates/handlers/src/upstream_oauth2/link.rs
@@ -124,7 +124,7 @@ fn import_claim(
     name: &'static str,
     value: Option,
     preference: &UpstreamOAuthProviderImportPreference,
-    mut run: impl FnMut(String, bool) -> (),
+    mut run: impl FnMut(String, bool),
 ) -> Result<(), RouteError> {
     // If this claim is ignored, we don't need to do anything.
     if preference.ignore() {
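Review bot: In the `impl Options` hunk of manage.rs the new argument is a bare `UpstreamOAuthProviderClaimsImports::default()`, so a provider registered through this CLI command always receives the data-model default and an operator has no way to set per-claim import preferences from here. Judging by `import_claim` in link.rs, which consults `preference.ignore()` before acting on a claim, these preferences appear to govern which upstream-asserted claims are acted on, so silently applying the default from an admin command deserves at least a call-site comment such as `// Claims import preferences are not configurable from the CLI yet; the data-model default applies.`, and ideally a follow-up exposing them as command options. The enclosing method starts and ends outside the hunk.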
diff --git a/crates/handlers/src/views/login.rs b/crates/handlers/src/views/login.rs
index 4b2d8a44..8a77e255 100644
--- a/crates/handlers/src/views/login.rs
+++ b/crates/handlers/src/views/login.rs
@@ -284,6 +284,7 @@ mod test {
         header::{CONTENT_TYPE, LOCATION},
         Request, StatusCode,
     };
+    use mas_data_model::UpstreamOAuthProviderClaimsImports;
     use mas_iana::oauth::OAuthClientAuthenticationMethod;
     use mas_router::Route;
     use mas_storage::{upstream_oauth2::UpstreamOAuthProviderRepository, RepositoryAccess};
@@ -326,6 +327,7 @@ mod test {
                 None,
                 "first_client".into(),
                 None,
+                UpstreamOAuthProviderClaimsImports::default(),
             )
             .await
             .unwrap();
@@ -350,6 +352,7 @@ mod test {
                 None,
                 "second_client".into(),
                 None,
+                UpstreamOAuthProviderClaimsImports::default(),
             )
             .await
             .unwrap();
diff --git a/crates/storage-pg/src/upstream_oauth2/mod.rs b/crates/storage-pg/src/upstream_oauth2/mod.rs
index 5bf97514..e729e06a 100644
--- a/crates/storage-pg/src/upstream_oauth2/mod.rs
+++ b/crates/storage-pg/src/upstream_oauth2/mod.rs
@@ -27,6 +27,7 @@ pub use self::{
 #[cfg(test)]
 mod tests {
     use chrono::Duration;
+    use mas_data_model::UpstreamOAuthProviderClaimsImports;
     use mas_storage::{
         clock::MockClock,
         upstream_oauth2::{
@@ -64,6 +65,7 @@ mod tests {
                 None,
                 "client-id".to_owned(),
                 None,
+                UpstreamOAuthProviderClaimsImports::default(),
             )
             .await
             .unwrap();
@@ -207,6 +209,7 @@ mod tests {
                 None,
                 client_id,
                 None,
+                UpstreamOAuthProviderClaimsImports::default(),
             )
             .await
             .unwrap();
diff --git a/crates/storage-pg/src/upstream_oauth2/provider.rs b/crates/storage-pg/src/upstream_oauth2/provider.rs
index 2aeb5ae1..60dc60a3 100644
--- a/crates/storage-pg/src/upstream_oauth2/provider.rs
+++ b/crates/storage-pg/src/upstream_oauth2/provider.rs
@@ -163,13 +163,12 @@ impl<'c> UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'
         token_endpoint_signing_alg: Option,
         client_id: String,
         encrypted_client_secret: Option,
+        claims_imports: UpstreamOAuthProviderClaimsImports,
     ) -> Result {
         let created_at = clock.now();
         let id = Ulid::from_datetime_with_source(created_at.into(), rng);
         tracing::Span::current().record("upstream_oauth_provider.id", tracing::field::display(id));
 
-        let claims_imports = UpstreamOAuthProviderClaimsImports::default();
-
         sqlx::query!(
             r#"
             INSERT INTO upstream_oauth_providers (
diff --git a/crates/storage/src/upstream_oauth2/provider.rs b/crates/storage/src/upstream_oauth2/provider.rs
index 663af2c9..f1d05e6c 100644
--- a/crates/storage/src/upstream_oauth2/provider.rs
+++ b/crates/storage/src/upstream_oauth2/provider.rs
@@ -13,7 +13,7 @@
 // limitations under the License.
 
 use async_trait::async_trait;
-use mas_data_model::UpstreamOAuthProvider;
+use mas_data_model::{UpstreamOAuthProvider, UpstreamOAuthProviderClaimsImports};
 use mas_iana::{jose::JsonWebSignatureAlg, oauth::OAuthClientAuthenticationMethod};
 use oauth2_types::scope::Scope;
 use rand_core::RngCore;
@@ -58,6 +58,8 @@ pub trait UpstreamOAuthProviderRepository: Send + Sync {
     /// * `client_id`: The client ID to use when authenticating to the upstream
     /// * `encrypted_client_secret`: The encrypted client secret to use when
     ///   authenticating to the upstream
+    /// * `claims_imports`: How claims should be imported from the upstream
+    ///   provider
     ///
     /// # Errors
     ///
@@ -73,6 +75,7 @@ pub trait UpstreamOAuthProviderRepository: Send + Sync {
         token_endpoint_signing_alg: Option,
         client_id: String,
         encrypted_client_secret: Option,
+        claims_imports: UpstreamOAuthProviderClaimsImports,
     ) -> Result;
 
     /// Get a paginated list of upstream OAuth providers
@@ -109,7 +112,8 @@ repository_impl!(UpstreamOAuthProviderRepository:
         token_endpoint_auth_method: OAuthClientAuthenticationMethod,
         token_endpoint_signing_alg: Option,
         client_id: String,
-        encrypted_client_secret: Option
+        encrypted_client_secret: Option,
+        claims_imports: UpstreamOAuthProviderClaimsImports
     ) -> Result;
 
     async fn list_paginated(