georchestra / georchestra-gateway

GNU General Public License v3.0

Returns `ExtendedGeorchestraUser` object when `createUserInLdap` set to `true` #114

Closed pmauduit closed 3 months ago

pmauduit commented 5 months ago

Considering the following configuration scenario:

Then the resolved GeorchestraUser should be an ExtendedGeorchestraUser, in order to have a behaviour coherent with the geOrchestra LDAP authentication (via the classic login form provided by the gateway).

Without doing so, users externally authenticated will resolve as a classic GeorchestraUser, leading to missing HTTP headers and breaking some geOrchestra applications (e.g. datafeeder, which requires the sec-orgname provided only when resolving to an ExtendedGeorchestraUser).

This also refactors the LdapConfigProperties to GeorchestraGatewaySecurityConfigProperties, as the object is not only about LDAP, but also nests some other configurable features (OIDC, ...).

Documentation has been updated to describe / explain the behaviour.

Tests:

pmauduit commented 3 months ago

Thanks @groldan for the review

squash-merge them into your original commit.

:+1:

pmauduit commented 3 months ago

Thymeleaf templates for e.g. login are not resolved anymore after this merge. I cannot explain why for now, but hitting /login will return the "login" string as response body.

pmauduit commented 3 months ago

Okay, I think I found out why: https://github.com/georchestra/georchestra-gateway/pull/114/files#diff-43ef18b53f2a277648eeae678e065e55d8460a4e011a0c8c53a754764e665437L59