fix tests

2025-07-17 06:42:52 +02:00 · 2025-07-07 13:56:20 +08:00 · 2025-07-07 13:56:20 +08:00 · 3332475a42
commit 3332475a42
parent b5ae054554
5 changed files with 61 additions and 30 deletions
--- a/cmd/admin_auth_oauth.go
+++ b/cmd/admin_auth_oauth.go
@ -87,6 +87,14 @@ func oauthCLIFlags() []cli.Flag {
 			Value: nil,
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
+		&cli.StringFlag{
+			Name:  "attribute-ssh-public-key",
+			Usage: "Claim name that provides SSH public keys",
+		},
+		&cli.StringFlag{
+			Name:  "attribute-full-name",
+			Usage: "Claim name that provides user's full name",
+		},
 		&cli.StringFlag{
 			Name:  "required-claim-name",
 			Value: "",
@ -177,6 +185,8 @@ func parseOAuth2Config(c *cli.Command) *oauth2.Source {
 		RestrictedGroup:               c.String("restricted-group"),
 		GroupTeamMap:                  c.String("group-team-map"),
 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
+		AttributeSSHPublicKey:         c.String("attribute-ssh-public-key"),
+		AttributeFullName:             c.String("attribute-full-name"),
 	}
 }

@ -268,6 +278,12 @@ func (a *authService) runUpdateOauth(ctx context.Context, c *cli.Command) error
 	if c.IsSet("group-team-map-removal") {
 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
 	}
+	if c.IsSet("attribute-ssh-public-key") {
+		oAuth2Config.AttributeSSHPublicKey = c.String("attribute-ssh-public-key")
+	}
+	if c.IsSet("attribute-full-name") {
+		oAuth2Config.AttributeFullName = c.String("attribute-full-name")
+	}

 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}
--- a/cmd/admin_auth_oauth_test.go
+++ b/cmd/admin_auth_oauth_test.go
@ -88,6 +88,8 @@ func TestAddOauth(t *testing.T) {
 				"--restricted-group", "restricted",
 				"--group-team-map", `{"group1": [1,2]}`,
 				"--group-team-map-removal=true",
+				"--attribute-ssh-public-key", "attr_ssh_pub_key",
+				"--attribute-full-name", "attr_full_name",
 			},
 			source: &auth_model.Source{
 				Type:     auth_model.OAuth2,
@ -104,15 +106,17 @@ func TestAddOauth(t *testing.T) {
 						EmailURL:   "https://example.com/email",
 						Tenant:     "some_tenant",
 					},
-					IconURL:             "https://example.com/icon",
-					Scopes:              []string{"scope1", "scope2"},
-					RequiredClaimName:   "claim_name",
-					RequiredClaimValue:  "claim_value",
-					GroupClaimName:      "group_name",
-					AdminGroup:          "admin",
-					RestrictedGroup:     "restricted",
-					GroupTeamMap:        `{"group1": [1,2]}`,
-					GroupTeamMapRemoval: true,
+					IconURL:               "https://example.com/icon",
+					Scopes:                []string{"scope1", "scope2"},
+					RequiredClaimName:     "claim_name",
+					RequiredClaimValue:    "claim_value",
+					GroupClaimName:        "group_name",
+					AdminGroup:            "admin",
+					RestrictedGroup:       "restricted",
+					GroupTeamMap:          `{"group1": [1,2]}`,
+					GroupTeamMapRemoval:   true,
+					AttributeSSHPublicKey: "attr_ssh_pub_key",
+					AttributeFullName:     "attr_full_name",
 				},
 				TwoFactorPolicy: "skip",
 			},
@ -223,15 +227,17 @@ func TestUpdateOauth(t *testing.T) {
 						EmailURL:   "https://old.example.com/email",
 						Tenant:     "old_tenant",
 					},
-					IconURL:             "https://old.example.com/icon",
-					Scopes:              []string{"old_scope1", "old_scope2"},
-					RequiredClaimName:   "old_claim_name",
-					RequiredClaimValue:  "old_claim_value",
-					GroupClaimName:      "old_group_name",
-					AdminGroup:          "old_admin",
-					RestrictedGroup:     "old_restricted",
-					GroupTeamMap:        `{"old_group1": [1,2]}`,
-					GroupTeamMapRemoval: true,
+					IconURL:               "https://old.example.com/icon",
+					Scopes:                []string{"old_scope1", "old_scope2"},
+					RequiredClaimName:     "old_claim_name",
+					RequiredClaimValue:    "old_claim_value",
+					GroupClaimName:        "old_group_name",
+					AdminGroup:            "old_admin",
+					RestrictedGroup:       "old_restricted",
+					GroupTeamMap:          `{"old_group1": [1,2]}`,
+					GroupTeamMapRemoval:   true,
+					AttributeSSHPublicKey: "old_ssh_pub_key",
+					AttributeFullName:     "old_full_name",
 				},
 				TwoFactorPolicy: "",
 			},
@ -257,6 +263,8 @@ func TestUpdateOauth(t *testing.T) {
 				"--restricted-group", "restricted",
 				"--group-team-map", `{"group1": [1,2]}`,
 				"--group-team-map-removal=false",
+				"--attribute-ssh-public-key", "new_ssh_pub_key",
+				"--attribute-full-name", "new_full_name",
 			},
 			authSource: &auth_model.Source{
 				ID:       1,
@ -274,15 +282,17 @@ func TestUpdateOauth(t *testing.T) {
 						EmailURL:   "https://example.com/email",
 						Tenant:     "new_tenant",
 					},
-					IconURL:             "https://example.com/icon",
-					Scopes:              []string{"scope1", "scope2"},
-					RequiredClaimName:   "claim_name",
-					RequiredClaimValue:  "claim_value",
-					GroupClaimName:      "group_name",
-					AdminGroup:          "admin",
-					RestrictedGroup:     "restricted",
-					GroupTeamMap:        `{"group1": [1,2]}`,
-					GroupTeamMapRemoval: false,
+					IconURL:               "https://example.com/icon",
+					Scopes:                []string{"scope1", "scope2"},
+					RequiredClaimName:     "claim_name",
+					RequiredClaimValue:    "claim_value",
+					GroupClaimName:        "group_name",
+					AdminGroup:            "admin",
+					RestrictedGroup:       "restricted",
+					GroupTeamMap:          `{"group1": [1,2]}`,
+					GroupTeamMapRemoval:   false,
+					AttributeSSHPublicKey: "new_ssh_pub_key",
+					AttributeFullName:     "new_full_name",
 				},
 				TwoFactorPolicy: "skip",
 			},
--- a/models/auth/source.go
+++ b/models/auth/source.go
@ -334,7 +334,7 @@ func UpdateSource(ctx context.Context, source *Source) error {

 	err = registerableSource.RegisterSource()
 	if err != nil {
-		// restore original values since we cannot update the provider it self
+		// restore original values since we cannot update the provider itself
 		if _, err := db.GetEngine(ctx).ID(source.ID).AllCols().Update(originalSource); err != nil {
 			log.Error("UpdateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
 		}
--- a/routers/web/auth/linkaccount.go
+++ b/routers/web/auth/linkaccount.go
@ -170,7 +170,10 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 }

 func oauth2LinkAccount(ctx *context.Context, u *user_model.User, linkAccountData *LinkAccountData, remember bool) {
-	// no need to call updateAvatarIfNeed(ctx, gothUser.AvatarURL, u) be cause
+	oauth2SignInSync(ctx, &linkAccountData.AuthSource, u, linkAccountData.GothUser)
+	if ctx.Written() {
+		return
+	}

 	// If this user is enrolled in 2FA, we can't sign the user in just yet.
 	// Instead, redirect them to the 2FA authentication page.
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@ -9,6 +9,7 @@ import (
 	"strings"
 	"testing"

+	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@ -17,6 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers"
+	"code.gitea.io/gitea/routers/web/auth"
 	"code.gitea.io/gitea/services/context"
 	"code.gitea.io/gitea/tests"

@ -104,7 +106,7 @@ func TestEnablePasswordSignInFormAndEnablePasskeyAuth(t *testing.T) {

 	mockLinkAccount := func(ctx *context.Context) {
 		gothUser := goth.User{Email: "invalid-email", Name: "."}
-		_ = ctx.Session.Set("linkAccountGothUser", gothUser)
+		_ = ctx.Session.Set("linkAccountData", auth.LinkAccountData{auth_model.Source{ID: 1}, gothUser})
 	}

 	t.Run("EnablePasswordSignInForm=false", func(t *testing.T) {