|
@@ -2252,13 +2252,15 @@ async def oauth_callback(provider: str, request: Request, response: Response):
|
|
|
role = "admin"
|
|
role = "admin"
|
|
|
elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING:
|
|
elif webui_app.state.config.ENABLE_OAUTH_ROLE_MAPPING:
|
|
|
oauth_claim = webui_app.state.config.OAUTH_ROLES_CLAIM
|
|
oauth_claim = webui_app.state.config.OAUTH_ROLES_CLAIM
|
|
|
- oauth_roles = user_data.get(oauth_claim) # Works for simple claims with no nesting
|
|
|
|
|
|
|
+ oauth_roles = user_data.get(oauth_claim) # Works for simple claims with no nesting
|
|
|
if oauth_roles and "." in oauth_claim:
|
|
if oauth_roles and "." in oauth_claim:
|
|
|
# Implementation to handle nested claims of arbitrary depth
|
|
# Implementation to handle nested claims of arbitrary depth
|
|
|
nested_claims = oauth_claim.split(".")
|
|
nested_claims = oauth_claim.split(".")
|
|
|
- claim_data = user_data.get(nested_claims[0])
|
|
|
|
|
- for nested_claim in nested_claims[1:]:
|
|
|
|
|
|
|
+ claim_data = user_data
|
|
|
|
|
+ for nested_claim in nested_claims:
|
|
|
claim_data = claim_data.get(nested_claim)
|
|
claim_data = claim_data.get(nested_claim)
|
|
|
|
|
+ if claim_data is None:
|
|
|
|
|
+ break
|
|
|
oauth_roles = claim_data
|
|
oauth_roles = claim_data
|
|
|
|
|
|
|
|
log.info(f"User {user.name} has OAuth roles: {oauth_roles}")
|
|
log.info(f"User {user.name} has OAuth roles: {oauth_roles}")
|
Patrick Willnow