dianagudu / motley_cue

A service for mapping OIDC identities to local identities, with local user management
https://motley-cue.readthedocs.io/
MIT License

WIP: Adapt to flaat rework #35

Closed lburgey closed 2 years ago

lburgey commented 2 years ago

Here is my rework. It still uses a git dependency, which will need to get changed before merging.

dianagudu commented 2 years ago

Thanks for the rework, it really streamlines things here!

I added a few fixes to get it running (fc2e2e95b35fc5284a3e8ac68c7b2b04ba49b1d2), but I'm having another issue: for OPs that have no authorisation configured, i.e.

authorise_all = False
authorised_users = []
authorised_vos = []

the OneOf requirement list here ends up being empty and evaluates to True, which results in all users being effectively authorised! The behaviour here should be that no one is.

I could fix this in motley_cue by e.g. checking the length of the requirements list and returning Unsatisfiable(), but I'm wondering if that's the correct behaviour in general.

lburgey commented 2 years ago

> the OneOf requirement list here ends up being empty and evaluates to True, which results in all users being effectively authorised! The behaviour here should be that no one is.
>
> I could fix this in motley_cue by e.g. checking the length of the requirements list and returning Unsatisfiable(), but I'm wondering if that's the correct behaviour in general.

I've addressed this in https://github.com/indigo-dc/flaat/commit/61a558a979e9852e4f75e6087931f6b4160374d8

dianagudu commented 2 years ago

Yes, great! That works fine now.
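The fail-open case discussed in this thread, as an added example that is not part of the original discussion and is not flaat or motley_cue code. The requirement helpers are hypothetical stand-ins, and `one_of_fail_open` is one constructed way an empty list can end up satisfied. Only the three config keys are taken from the thread.

```python
from typing import Callable, List

# Hypothetical stand-ins for requirement objects; these are not flaat's classes.
Requirement = Callable[[dict], bool]

def unsatisfiable(user: dict) -> bool:
    return False  # denies every user

def satisfied_by_all(user: dict) -> bool:
    return True  # corresponds to authorise_all = True

def has_sub(sub: str) -> Requirement:
    return lambda user: user.get("sub") == sub

def in_vo(vo: str) -> Requirement:
    return lambda user: vo in user.get("vos", [])

def one_of_fail_open(reqs: List[Requirement]) -> Requirement:
    # Constructed to reproduce the reported symptom: the threshold is clamped
    # to the list length, so an empty list needs 0 matches and always passes.
    def check(user: dict) -> bool:
        return sum(r(user) for r in reqs) >= min(1, len(reqs))
    return check

def one_of(reqs: List[Requirement]) -> Requirement:
    # any() over an empty list is False: no requirements means no access.
    return lambda user: any(r(user) for r in reqs)

def build_requirement(authorise_all: bool, authorised_users: List[str],
                      authorised_vos: List[str],
                      combinator=one_of) -> Requirement:
    if authorise_all:
        return satisfied_by_all
    reqs = [has_sub(s) for s in authorised_users]
    reqs += [in_vo(v) for v in authorised_vos]
    if not reqs:
        # Caller-side guard from the thread: nothing configured, nobody gets in,
        # whatever the combinator does with an empty list.
        return unsatisfiable
    return combinator(reqs)

if __name__ == "__main__":
    user = {"sub": "constructed-sub", "vos": ["constructed-vo"]}  # constructed sample
    print("fail-open combinator, empty list:", one_of_fail_open([])(user))
    print("fail-closed combinator, empty list:", one_of([])(user))
    print("guarded builder, empty config:",
          build_requirement(False, [], [], combinator=one_of_fail_open)(user))
```

A regression test for the empty-configuration case, asserting that an arbitrary authenticated user is denied, keeps the check from silently reverting to fail-open when the dependency changes.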