From 503de6b154365ec23f7b0421c7ae53c824273c7e Mon Sep 17 00:00:00 2001
From: Vitomir Budimir
Date: Fri, 19 Jul 2024 14:21:48 +0200
Subject: [PATCH 1/4] feat: check for vidis role on login

---
 modules/kratos/values.yaml | 3 +++
 modules/kratos/vidis_user_mapper.jsonnet | 9 +++++++--
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/modules/kratos/values.yaml b/modules/kratos/values.yaml
index b9f5fa0..6d55057 100644
--- a/modules/kratos/values.yaml
+++ b/modules/kratos/values.yaml
@@ -21,6 +21,9 @@ kratos:
 autoMigrate: true

 config:
+ log:
+ leak_sensitive_values: true
+
 dsn: ${dsn}

 serve:
diff --git a/modules/kratos/vidis_user_mapper.jsonnet b/modules/kratos/vidis_user_mapper.jsonnet
index 5034585..b9584d3 100644
--- a/modules/kratos/vidis_user_mapper.jsonnet
+++ b/modules/kratos/vidis_user_mapper.jsonnet
@@ -21,12 +21,17 @@ local buildUsername = function()
 then preferredUsername + '-' + enshortenUuid(uuid)
 else enshortenUuid(uuid);

+local checkIfIsTeacher = function()
+ local rawClaims = extractFromClaims('raw_claims');
+
+ if 'rolle' in rawClaims then rawClaims['rolle'] == 'LEHR' else false;
+
 {
- identity: {
+ identity: if checkIfIsTeacher() then {
 traits: {
 email: buildEmail(),
 username: buildUsername(),
 interest: 'other',
 },
- },
+ } else error std.format("ERR_BAD_ROLE"),
 }

From 722ca81cd4939dbc57cd0659e6f0dd101fb0effa Mon Sep 17 00:00:00 2001
From: Vitomir Budimir
Date: Fri, 19 Jul 2024 14:22:51 +0200
Subject: [PATCH 2/4] fix: don't log sensitive values

---
 modules/kratos/values.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/modules/kratos/values.yaml b/modules/kratos/values.yaml
index 6d55057..b9f5fa0 100644
--- a/modules/kratos/values.yaml
+++ b/modules/kratos/values.yaml
@@ -21,9 +21,6 @@ kratos:
 autoMigrate: true

 config:
- log:
- leak_sensitive_values: true
-
 dsn: ${dsn}

 serve:

From 508251ce309d8ff65c90f369bf724cae3c728e34 Mon Sep 17 00:00:00 2001
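Review bot: `leak_sensitive_values: true` under `config.log` in the values.yaml hunk of PATCH 1/4 switches off Kratos' redaction of sensitive values in its logs, and it rides along in a feature commit about the VIDIS role check. PATCH 2/4 removes it again, but any environment that ran this revision may have written credentials, tokens or personal data to its log store, so those logs are worth reviewing and purging according to retention policy. I would drop the three added lines from this commit (squash PATCH 2/4 into it) and, if the flag is needed for debugging, set it in a local, non-shared override rather than in the shared `values.yaml`.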
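Review bot: The `LEHR` gate added as `checkIfIsTeacher` in the vidis_user_mapper.jsonnet hunk of PATCH 1/4 lives in the OIDC claims mapper, and as far as I know Kratos evaluates that mapper when it creates an identity from the provider's claims, so it is worth confirming that it also runs on later sign-ins of an existing identity. If it does not, an account created before this change, or one whose `rolle` changes afterwards, is never re-checked, although the commit title says "on login". Separately, `'rolle' in rawClaims` presumably raises a generic runtime error rather than `ERR_BAD_ROLE` when `raw_claims` is missing or not an object; `extractFromClaims` is defined outside the hunk, so what it returns in that case is not visible here. A guard such as `std.isObject(rawClaims) && 'rolle' in rawClaims && rawClaims.rolle == 'LEHR'` keeps every rejection on the one named error.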
From: Vitomir Budimir
Date: Mon, 22 Jul 2024 21:20:56 +0200
Subject: [PATCH 3/4] fix: vidis logic

---
 modules/kratos/vidis_user_mapper.jsonnet | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/kratos/vidis_user_mapper.jsonnet b/modules/kratos/vidis_user_mapper.jsonnet
index b9584d3..a32a3b7 100644
--- a/modules/kratos/vidis_user_mapper.jsonnet
+++ b/modules/kratos/vidis_user_mapper.jsonnet
@@ -24,14 +24,14 @@ local buildUsername = function()
 local checkIfIsTeacher = function()
 local rawClaims = extractFromClaims('raw_claims');

- if 'rolle' in rawClaims then rawClaims['rolle'] == 'LEHR' else false;
+ if 'rolle' in rawClaims then rawClaims['rolle'] != 'LEHR' else false;

-{
- identity: if checkIfIsTeacher() then {
+if checkIfIsTeacher() then {
+ identity: {
 traits: {
 email: buildEmail(),
 username: buildUsername(),
 interest: 'other',
 },
- } else error std.format("ERR_BAD_ROLE"),
-}
+ },
+} else error "ERR_BAD_ROLE"

From 886744a668000b87885b4afc222c972139f5a51c Mon Sep 17 00:00:00 2001
From: Vitomir Budimir
Date: Thu, 25 Jul 2024 15:08:24 +0200
Subject: [PATCH 4/4] fix: revert vidis logic

---
 modules/kratos/vidis_user_mapper.jsonnet | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/kratos/vidis_user_mapper.jsonnet b/modules/kratos/vidis_user_mapper.jsonnet
index a32a3b7..53914da 100644
--- a/modules/kratos/vidis_user_mapper.jsonnet
+++ b/modules/kratos/vidis_user_mapper.jsonnet
@@ -24,7 +24,7 @@ local buildUsername = function()
 local checkIfIsTeacher = function()
 local rawClaims = extractFromClaims('raw_claims');

- if 'rolle' in rawClaims then rawClaims['rolle'] != 'LEHR' else false;
+ if 'rolle' in rawClaims then rawClaims['rolle'] == 'LEHR' else false;

 if checkIfIsTeacher() then {
 identity: {
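Review bot: The comparison inside `checkIfIsTeacher` is flipped to `!= 'LEHR'` in PATCH 3/4, so the function returns true for every `rolle` value except the teacher role and the mapper builds identities for exactly the accounts the gate was meant to reject, while teachers get `ERR_BAD_ROLE`. PATCH 4/4 restores `==` three days later, but the revert does not touch identities that may have been created while this revision was deployed; I would list the identities created between the two deployments and verify their role against the provider. The move to a top-level `if … else error "ERR_BAD_ROLE"` is a reasonable change on its own and would have been easier to review as a separate commit from the logic change.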
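Review bot: Nothing pins the condition that PATCH 4/4 restores: it went from `==` to `!=` and back within a week, and the only record of the intended rule is the function name. I would add a comment above `checkIfIsTeacher`, `// Only VIDIS accounts whose raw_claims.rolle is exactly 'LEHR' are mapped; everything else must fail with ERR_BAD_ROLE.`, and a mapper test that evaluates the file with constructed claims (one with `rolle: 'LEHR'`, one with another value, one without `rolle`) and asserts that only the first yields an identity. The object guarded by `if checkIfIsTeacher() then {` continues outside the hunk.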