🔀 Merge pull request #1894 from Alexis-BX/Fix-Oidc-user-islogin-and-admin

Fix OIDC getUser and added admin role and group
2025-09-25 18:58:48 +02:00 · 2025-08-03 14:05:27 +01:00 · 2025-08-03 14:05:27 +01:00 · 4e00947322
commit 4e00947322
parent d4fa31098d ac13e546b7
6 changed files with 56 additions and 4 deletions
--- a/docs/authentication.md
+++ b/docs/authentication.md
@ -286,6 +286,7 @@ appConfig:
      clientId: [registered client id]
      endpoint: [OIDC endpoint]
      scope: [The scope(s) to request from the OIDC provider]
      adminGroup: admin
 ```
 Because Dashy is a SPA, a [public client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1) registration with PKCE is needed.
--- a/docs/configuring.md
+++ b/docs/configuring.md
@ -204,6 +204,8 @@ For more info, see the **[Authentication Docs](/docs/authentication.md)**
 --- | --- | --- | ---
 **`clientId`** | `string` | Required | The client id registered in the OIDC server
 **`endpoint`** | `string` | Required | The URL of the OIDC server that should be used.
 **`adminRole`** | `string` | _Optional_ | The role that will be considered as admin.
 **`adminGroup`** | `string` | _Optional_ | The group that will be considered as admin.
 **`scope`** | `string` | Required | The scope(s) to request from the OIDC provider
 **[⬆️ Back to Top](#configuring)**
--- a/src/utils/Auth.js
+++ b/src/utils/Auth.js
@ -31,7 +31,19 @@ const getUsers = () => {
    return []; // Support for old data structure now removed
  }
  // Otherwise, return the users array, if available
-  return auth.users || [];
+
  const users = auth.users || [];
  if (isOidcEnabled()) {
    if (localStorage[localStorageKeys.USERNAME]) {
      const user = {
        user: localStorage[localStorageKeys.USERNAME],
        type: localStorage[localStorageKeys.ISADMIN] === 'true' ? 'admin' : 'normal',
      };
      users.push(user);
    }
  }
  return users;
 };
 /**
@ -80,6 +92,17 @@ export const makeBasicAuthHeaders = () => {
 export const isLoggedIn = () => {
  const users = getUsers();
  const cookieToken = getCookieToken();
  if (isOidcEnabled()) {
    const username = localStorage[localStorageKeys.USERNAME]; // Get username
    if (!username) return false; // No username
    return users.some((user) => {
      if (user.user === username || generateUserToken(user) === cookieToken) {
        return true;
      } else return false;
    });
  }
  return users.some((user) => {
    if (generateUserToken(user) === cookieToken) {
      localStorage.setItem(localStorageKeys.USERNAME, user.user);
--- a/src/utils/ConfigSchema.json
+++ b/src/utils/ConfigSchema.json
@ -566,6 +566,18 @@
                  "type": "string",
                  "description": "ClientId from OIDC provider"
                },
                "adminRole" : {
                  "title": "Admin Role",
                  "type": "string",
                  "default": false,
                  "description": "The role that will be considered as admin. If not set, no roles will be considered as admin"
                },
                "adminGroup" : {
                  "title": "Admin Group",
                  "type": "string",
                  "default": false,
                  "description": "The group that will be considered as admin. If not set, no groups will be considered as admin"
                },
                "scope" : {
                    "title": "OIDC Scope",
                    "type": "string",
--- a/src/utils/OidcAuth.js
+++ b/src/utils/OidcAuth.js
@ -13,7 +13,13 @@ const getAppConfig = () => {
 class OidcAuth {
  constructor() {
    const { auth } = getAppConfig();
-    const { clientId, endpoint, scope } = auth.oidc;
+    const {
      clientId,
      endpoint,
      scope,
      adminGroup,
      adminRole,
    } = auth.oidc;
    const settings = {
      userStore: new WebStorageStateStore({ store: window.localStorage }),
      authority: endpoint,
@ -25,6 +31,8 @@ class OidcAuth {
      filterProtocolClaims: true,
    };
    this.adminGroup = adminGroup;
    this.adminRole = adminRole;
    this.userManager = new UserManager(settings);
  }
@ -43,22 +51,27 @@ class OidcAuth {
    if (user === null) {
      await this.userManager.signinRedirect();
    } else {
-      const { roles, groups } = user.profile;
+      const { roles = [], groups = [] } = user.profile;
      const info = {
        groups,
        roles,
      };
      const isAdmin = (Array.isArray(groups) && groups.includes(this.adminGroup))
                      || (Array.isArray(roles) && roles.includes(this.adminRole))
                      || false;
-      statusMsg(`user: ${user.profile.preferred_username}`, JSON.stringify(info));
+      statusMsg(`user: ${user.profile.preferred_username}   admin: ${isAdmin}`, JSON.stringify(info));
      localStorage.setItem(localStorageKeys.KEYCLOAK_INFO, JSON.stringify(info));
      localStorage.setItem(localStorageKeys.USERNAME, user.profile.preferred_username);
      localStorage.setItem(localStorageKeys.ISADMIN, isAdmin);
    }
  }
  async logout() {
    localStorage.removeItem(localStorageKeys.USERNAME);
    localStorage.removeItem(localStorageKeys.KEYCLOAK_INFO);
    localStorage.removeItem(localStorageKeys.ISADMIN);
    try {
      await this.userManager.signoutRedirect();
--- a/src/utils/defaults.js
+++ b/src/utils/defaults.js
@ -137,6 +137,7 @@ module.exports = {
    MOST_USED: 'mostUsed',
    LAST_USED: 'lastUsed',
    KEYCLOAK_INFO: 'keycloakInfo',
    ISADMIN: 'isAdmin',
    DISABLE_CRITICAL_WARNING: 'disableCriticalWarning',
  },
  /* Key names for cookie identifiers */