ietf-tools / wiki

Custom Wiki.js Image for IETF wikis
https://wiki.ietf.org
BSD 3-Clause "New" or "Revised" License

Add tuple roles and dots claim matching. #1

Closed atoppi closed 2 years ago

atoppi commented 2 years ago

This PR adds support for dots claim and tuple roles matching to the authentication module.

Dots claim matching

If requested by the client, the datatracker user-info API now returns the dots property in the user profile:

{
        "dots": [
            "ad",
            "llc"
        ],
        "email": "john@doe.net",
        "family_name": "Doe",
        "given_name": "John",
        "name": "John Doe",
        "nickname": "-",
        "picture": "https://www.ietf.org/cdn-cgi/image/fit=scale-down,width=80,height=80/media/photo/john-doe.jpg",
        "roles": [
            [
                "ad",
                "ops"
            ],
            [
                "ad",
                "dnsop"
            ],
            [
                "ad",
                "v6ops"
            ]
        ],
        "sub": "499"
}

The dots claim can now be used to match a wikijs group.

As such the mappings.json format has been changed to support the new feature:

{
    "defaults": [
        "members"
    ],
    "mappings": {
        "roles": {
            "admins": [
                [
                    "ad",
                    "iesg"
                ]
            ],
            "editors": [
                [
                    "chair",
                    "*"
                ]
            ]
        },
        "dots": {
            "editors": [
                "ad"
            ],
            "ietf-chairs": [
                "llc"
            ]
        }
    }
}

Wildcards are not supported in the dots matching rules.

Tuple Roles matching

The roles in the mappings.json can now be arrays of unspecified size.

{
    "defaults": [
        "members"
    ],
    "mappings": {
        "roles": {
            "admins": [
                [
                    "ad",
                    "iesg",
                    "test",
                    "test2"
                ]
            ],
            "editors": [
                [
                    "chair",
                    "*",
                    "test",
                    "*"
                ]
            ]
        },
        "dots": {
            "editors": [
                "ad"
            ],
            "ietf-chairs": [
                "llc"
            ]
        }
    }
}

A rule is matched only if the array of the rule has the same length as the array in the user claim.
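
The matching rules described in this PR (tuple role rules that must equal the claim in length, `*` wildcards in role rules only, literal comparison for dots), written out as an added JavaScript example; it is not the code from this PR. `roleRuleMatches`, `resolveGroups` and the sample objects are hypothetical names, and the sample data is constructed from the profile and mappings shown above.

```javascript
// Added example: hypothetical matcher, not the code from this PR.
const WILDCARD = '*';

// A role rule matches a role claim only when both are arrays of the same
// length and every position is equal or the rule holds a wildcard there.
function roleRuleMatches(rule, claim) {
  if (!Array.isArray(rule) || !Array.isArray(claim)) return false;
  if (rule.length !== claim.length) return false;
  return rule.every((part, i) => part === WILDCARD || part === claim[i]);
}

// Resolve the set of wiki groups for a user profile. Malformed or missing
// claims grant nothing beyond the defaults.
function resolveGroups(profile, config) {
  const groups = new Set(config.defaults || []);
  const mappings = config.mappings || {};
  const roles = Array.isArray(profile.roles) ? profile.roles : [];
  const dots = Array.isArray(profile.dots) ? profile.dots : [];

  for (const [group, rules] of Object.entries(mappings.roles || {})) {
    if (rules.some((rule) => roles.some((claim) => roleRuleMatches(rule, claim)))) {
      groups.add(group);
    }
  }
  // Dots are compared literally: "*" in a dots rule is not a wildcard.
  for (const [group, names] of Object.entries(mappings.dots || {})) {
    if (names.some((name) => dots.includes(name))) groups.add(group);
  }
  return [...groups].sort();
}

// Constructed sample data modelled on the profile and mappings shown above.
const sampleConfig = {
  defaults: ['members'],
  mappings: {
    roles: { admins: [['ad', 'iesg']], editors: [['chair', '*']] },
    dots: { editors: ['ad'], 'ietf-chairs': ['llc'] },
  },
};
const sampleProfile = {
  dots: ['ad', 'llc'],
  roles: [['ad', 'ops'], ['ad', 'dnsop'], ['ad', 'v6ops']],
};

console.log(resolveGroups(sampleProfile, sampleConfig));
```

With the sample data the user lands in `editors` and `ietf-chairs` through the dots claim only; none of the `["ad", ...]` role tuples satisfies the `admins` rule.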