fix(admin): preserve legacy oidc security write defaults
parent
a94d89efa7
commit
3419cb0112
@ -682,8 +682,11 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Generic OIDC 参数验证
|
// Generic OIDC 参数验证
|
||||||
oidcUsePKCE := previousSettings.OIDCConnectUsePKCE
|
oidcUsePKCE, oidcValidateIDToken, err := h.settingService.OIDCSecurityWriteDefaults(c.Request.Context())
|
||||||
oidcValidateIDToken := previousSettings.OIDCConnectValidateIDToken
|
if err != nil {
|
||||||
|
response.ErrorFrom(c, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
if req.OIDCConnectEnabled {
|
if req.OIDCConnectEnabled {
|
||||||
req.OIDCConnectProviderName = strings.TrimSpace(req.OIDCConnectProviderName)
|
req.OIDCConnectProviderName = strings.TrimSpace(req.OIDCConnectProviderName)
|
||||||
req.OIDCConnectClientID = strings.TrimSpace(req.OIDCConnectClientID)
|
req.OIDCConnectClientID = strings.TrimSpace(req.OIDCConnectClientID)
|
||||||
|
|||||||
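Review bot: The new `OIDCSecurityWriteDefaults` call and its `if err != nil { response.ErrorFrom(c, err); return }` branch sit before `if req.OIDCConnectEnabled`, so a failed repository read appears to reject every settings update, including ones that leave OIDC disabled. If the two values are only needed when OIDC is enabled, move the lookup inside that branch; the rest of `UpdateSettings` is outside the hunk, so this needs checking against where `oidcUsePKCE` and `oidcValidateIDToken` are consumed. A short comment would also help the next reader, for example `// Seed from stored/explicit values, not previousSettings, so read-side compatibility defaults are not persisted on save.`, assuming that is the intent behind the commit title.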
@ -828,6 +828,16 @@ func oidcValidateIDTokenCompatibilityDefault(base config.OIDCConnectConfig) bool
|
|||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func oidcCompatibilityWriteDefault(base config.OIDCConnectConfig, configured bool, raw string, explicit bool, explicitValue bool) bool {
|
||||||
|
if configured {
|
||||||
|
return strings.TrimSpace(raw) == "true"
|
||||||
|
}
|
||||||
|
if explicit {
|
||||||
|
return explicitValue
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
// UpdateSettings 更新系统设置
|
// UpdateSettings 更新系统设置
|
||||||
func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSettings) error {
|
func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSettings) error {
|
||||||
updates, err := s.buildSystemSettingsUpdates(ctx, settings)
|
updates, err := s.buildSystemSettingsUpdates(ctx, settings)
|
||||||
@ -842,6 +852,28 @@ func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSet
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *SettingService) OIDCSecurityWriteDefaults(ctx context.Context) (bool, bool, error) {
|
||||||
|
rawSettings, err := s.settingRepo.GetMultiple(ctx, []string{
|
||||||
|
SettingKeyOIDCConnectUsePKCE,
|
||||||
|
SettingKeyOIDCConnectValidateIDToken,
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return false, false, fmt.Errorf("get oidc security write defaults: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
base := config.OIDCConnectConfig{}
|
||||||
|
if s != nil && s.cfg != nil {
|
||||||
|
base = s.cfg.OIDC
|
||||||
|
}
|
||||||
|
|
||||||
|
rawUsePKCE, hasUsePKCE := rawSettings[SettingKeyOIDCConnectUsePKCE]
|
||||||
|
rawValidateIDToken, hasValidateIDToken := rawSettings[SettingKeyOIDCConnectValidateIDToken]
|
||||||
|
|
||||||
|
return oidcCompatibilityWriteDefault(base, hasUsePKCE, rawUsePKCE, base.UsePKCEExplicit, base.UsePKCE),
|
||||||
|
oidcCompatibilityWriteDefault(base, hasValidateIDToken, rawValidateIDToken, base.ValidateIDTokenExplicit, base.ValidateIDToken),
|
||||||
|
nil
|
||||||
|
}
|
||||||
|
|
||||||
// UpdateSettingsWithAuthSourceDefaults persists system settings and auth-source defaults in a single write.
|
// UpdateSettingsWithAuthSourceDefaults persists system settings and auth-source defaults in a single write.
|
||||||
func (s *SettingService) UpdateSettingsWithAuthSourceDefaults(ctx context.Context, settings *SystemSettings, authDefaults *AuthSourceDefaultSettings) error {
|
func (s *SettingService) UpdateSettingsWithAuthSourceDefaults(ctx context.Context, settings *SystemSettings, authDefaults *AuthSourceDefaultSettings) error {
|
||||||
updates, err := s.buildSystemSettingsUpdates(ctx, settings)
|
updates, err := s.buildSystemSettingsUpdates(ctx, settings)
|
||||||
|
|||||||
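Review bot: `oidcCompatibilityWriteDefault` ends in `return false`, so with no stored value and no explicit config flag both PKCE and ID-token validation are written as off, and the strict `strings.TrimSpace(raw) == "true"` comparison also turns a stored `True` or `1` into off. If this fail-open result is the intended legacy behaviour, say so in a doc comment such as `// oidcCompatibilityWriteDefault: stored value wins, then an explicit config value; otherwise false (legacy behaviour, the check stays off).`; otherwise parse with `strconv.ParseBool` and surface the error instead of silently disabling the control. The `base` parameter is never read in the function body. In `OIDCSecurityWriteDefaults` the `s != nil` test comes after `s.settingRepo.GetMultiple` has already dereferenced the receiver, so it cannot guard a nil `s`; either drop it or move the check to the top.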