From a3ca3a70b3edde39f17c5f753a9c4c9428a5c3fc Mon Sep 17 00:00:00 2001
From: Alexandro <71392273+arbdevml@users.noreply.github.com>
Date: Fri, 21 Apr 2023 11:55:43 +0000
Subject: [PATCH] Added integration with OpenID Connect Authelia
---
 app/models/oic_session.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/app/models/oic_session.rb b/app/models/oic_session.rb
index dba5071..13c96ec 100644
--- a/app/models/oic_session.rb
+++ b/app/models/oic_session.rb
@@ -139,6 +139,15 @@ def check_keycloak_role(role)
 return true if kc_is_in_role
 end
+ def check_authelia_role(role)
+ #authelia way...
+ authelia_is_in_role = false
+ if user["groups"].present?
+ authelia_is_in_role = user["groups"].include?(role)
+ end
+ return true if authelia_is_in_role
+ end
+
 def authorized?
 if client_config['group'].blank?
 return true
@@ -146,13 +155,15 @@ def authorized?
 return true if check_keycloak_role client_config['group']
+ return true if check_authelia_role client_config['group']
+
 return false if !user["member_of"] && !user["roles"]
 return true if self.admin?
 if client_config['group'].present?
 return true if user["member_of"].present? && user["member_of"].include?(client_config['group'])
- return true if user["roles"].present? && user["roles"].include?(client_config['group']) || user["roles"].include?(client_config['admin_group'])
+ return true if user["roles"].present? && user["roles"].include?(client_config['group']) || user["roles"].include?(client_config['admin_group'])
 end
 return false
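Review bot: In the first hunk, `check_authelia_role` returns `nil` rather than `false` when the group is absent, and `user["groups"].include?(role)` becomes a substring test if the `groups` claim ever arrives as a String instead of an Array, so a configured group could match a longer, unrelated group name. Reducing the body to `Array(user["groups"]).include?(role)` gives exact matching in both shapes and a real boolean; a leading `return false if role.blank?` would also keep an unset `group` or `admin_group` from ever matching. Each call goes through `user`, which (as the last hunk shows) re-parses the token on every invocation, so reading the claims once into a local would be cheaper and easier to audit.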
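Review bot: In the second hunk, the rewritten `roles` line in `authorized?` (which appears to change only whitespace) still parses as `(present? && include?(group)) || include?(admin_group)`, so when `user["roles"]` is nil but `member_of` is set, the right-hand `user["roles"].include?` raises NoMethodError instead of denying access. Since the commit already touches the line, parenthesise it: `return true if user["roles"].present? && (user["roles"].include?(client_config['group']) || user["roles"].include?(client_config['admin_group']))`. Separately, the added `check_authelia_role` call runs for every provider, so any issuer that emits a `groups` claim now satisfies the group gate; confirm that is intended. The body of `authorized?` starts above this hunk.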
@@ -168,13 +179,16 @@ def admin?
 end
 # keycloak way...
 return true if check_keycloak_role client_config['admin_group']
+
+ # authelia way...
+ return true if check_authelia_role client_config['admin_group']
 end
 return false
 end
 def user
- if access_token? # keycloak way...
+ if (access_token? && access_token.exclude?('authelia')) # keycloak way...
 @user = JSON::parse(Base64::decode64(access_token.split('.')[1]))
 else
 @user = JSON::parse(Base64::decode64(id_token.split('.')[1]))
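Review bot: The new condition in `user` chooses which token to read by searching the raw access token for the substring `authelia`, which ties claim selection to token contents rather than to configuration. An explicit provider setting read from `client_config` would make the choice independent of how a provider happens to format its tokens. The claims returned here feed `authorized?` and `admin?`, and the visible lines decode the payload without any signature check, so confirm the token is validated against the issuer's keys elsewhere before these claims are trusted. JWT segments are base64url-encoded, so `Base64.urlsafe_decode64` is the matching decoder rather than `Base64::decode64`. The body of `user` continues past the end of the hunk.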