Commit 3419cb01 authored by IanShaw027's avatar IanShaw027

fix(admin): preserve legacy oidc security write defaults

parent a94d89ef
...@@ -682,8 +682,11 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) { ...@@ -682,8 +682,11 @@ func (h *SettingHandler) UpdateSettings(c *gin.Context) {
} }
// Generic OIDC 参数验证 // Generic OIDC 参数验证
oidcUsePKCE := previousSettings.OIDCConnectUsePKCE oidcUsePKCE, oidcValidateIDToken, err := h.settingService.OIDCSecurityWriteDefaults(c.Request.Context())
oidcValidateIDToken := previousSettings.OIDCConnectValidateIDToken if err != nil {
response.ErrorFrom(c, err)
return
}
if req.OIDCConnectEnabled { if req.OIDCConnectEnabled {
req.OIDCConnectProviderName = strings.TrimSpace(req.OIDCConnectProviderName) req.OIDCConnectProviderName = strings.TrimSpace(req.OIDCConnectProviderName)
req.OIDCConnectClientID = strings.TrimSpace(req.OIDCConnectClientID) req.OIDCConnectClientID = strings.TrimSpace(req.OIDCConnectClientID)
......
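Review bot: The two values fetched at the top of this hunk are the write defaults for PKCE and ID-token validation, yet nothing here says that both can legitimately come back false. The existing `// Generic OIDC 参数验证` comment now heads a service lookup rather than validation. A comment above the call, such as `// Write defaults for PKCE / ID-token validation: stored value, else explicit config, else false (legacy compatibility)`, would make that disabled-by-default fallback visible to the next reader. The lookup also runs before the `req.OIDCConnectEnabled` check, so a repository error aborts the whole settings update even when OIDC is not being enabled. Whether that is intended depends on how the values are used later in UpdateSettings, which continues outside the hunk.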
...@@ -828,6 +828,16 @@ func oidcValidateIDTokenCompatibilityDefault(base config.OIDCConnectConfig) bool ...@@ -828,6 +828,16 @@ func oidcValidateIDTokenCompatibilityDefault(base config.OIDCConnectConfig) bool
return true return true
} }
func oidcCompatibilityWriteDefault(base config.OIDCConnectConfig, configured bool, raw string, explicit bool, explicitValue bool) bool {
if configured {
return strings.TrimSpace(raw) == "true"
}
if explicit {
return explicitValue
}
return false
}
// UpdateSettings 更新系统设置 // UpdateSettings 更新系统设置
func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSettings) error { func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSettings) error {
updates, err := s.buildSystemSettingsUpdates(ctx, settings) updates, err := s.buildSystemSettingsUpdates(ctx, settings)
...@@ -842,6 +852,28 @@ func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSet ...@@ -842,6 +852,28 @@ func (s *SettingService) UpdateSettings(ctx context.Context, settings *SystemSet
return err return err
} }
func (s *SettingService) OIDCSecurityWriteDefaults(ctx context.Context) (bool, bool, error) {
rawSettings, err := s.settingRepo.GetMultiple(ctx, []string{
SettingKeyOIDCConnectUsePKCE,
SettingKeyOIDCConnectValidateIDToken,
})
if err != nil {
return false, false, fmt.Errorf("get oidc security write defaults: %w", err)
}
base := config.OIDCConnectConfig{}
if s != nil && s.cfg != nil {
base = s.cfg.OIDC
}
rawUsePKCE, hasUsePKCE := rawSettings[SettingKeyOIDCConnectUsePKCE]
rawValidateIDToken, hasValidateIDToken := rawSettings[SettingKeyOIDCConnectValidateIDToken]
return oidcCompatibilityWriteDefault(base, hasUsePKCE, rawUsePKCE, base.UsePKCEExplicit, base.UsePKCE),
oidcCompatibilityWriteDefault(base, hasValidateIDToken, rawValidateIDToken, base.ValidateIDTokenExplicit, base.ValidateIDToken),
nil
}
// UpdateSettingsWithAuthSourceDefaults persists system settings and auth-source defaults in a single write. // UpdateSettingsWithAuthSourceDefaults persists system settings and auth-source defaults in a single write.
func (s *SettingService) UpdateSettingsWithAuthSourceDefaults(ctx context.Context, settings *SystemSettings, authDefaults *AuthSourceDefaultSettings) error { func (s *SettingService) UpdateSettingsWithAuthSourceDefaults(ctx context.Context, settings *SystemSettings, authDefaults *AuthSourceDefaultSettings) error {
updates, err := s.buildSystemSettingsUpdates(ctx, settings) updates, err := s.buildSystemSettingsUpdates(ctx, settings)
......
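Review bot: In `oidcCompatibilityWriteDefault`, a stored value counts as enabled only when it is exactly `true` after trimming, so any other spelling (`True`, `1`) or a damaged row resolves to false, and the next settings write would then presumably persist PKCE or ID-token validation as disabled without any signal. If other readers of these keys parse more leniently (not visible here), this should match them, e.g. `return strings.EqualFold(strings.TrimSpace(raw), "true")`, or at least carry a comment that unrecognised values deliberately mean disabled. The `base` parameter is never read in that function and can be dropped. In `OIDCSecurityWriteDefaults`, the `s != nil` guard comes after `s.settingRepo.GetMultiple` has already dereferenced `s`, so it cannot protect against a nil receiver; either check `s == nil || s.settingRepo == nil` before the repository call or remove the guard. The new exported method also lacks a doc comment stating that both results fall back to false when neither a stored value nor an explicit config value exists.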