EnrichSession uses the Nextcloud userinfo endpoint to populate the session's email, user, and groups.
(ctx context.Context, s *sessions.SessionState)
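// EnrichSession uses the Nextcloud userinfo endpoint to populate
// the session's email, user, and groups.
//
// The session's access token is sent as a bearer credential to the profile
// URL, or to ValidateURL when no profile URL is set. The "id" and "email"
// fields of the response are required: an error is returned when either
// cannot be read as a string. The "groups" field is optional.
func (p *NextcloudProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
	// Fallback to ValidateURL if ProfileURL not set for legacy compatibility
	profileURL := p.ValidateURL.String()
	if configured := p.ProfileURL.String(); configured != "" {
		profileURL = configured
	}

	// The access token is sent to whichever host profileURL names, so that
	// URL has to come from trusted provider configuration.
	// NOTE(review): nothing in this function checks the URL scheme; confirm
	// that https is enforced where the provider is configured.
	userInfo, err := requests.New(profileURL).
		WithContext(ctx).
		SetHeader("Authorization", tokenTypeBearer+" "+s.AccessToken).
		Do().
		UnmarshalSimpleJSON()
	if err != nil {
		logger.Errorf("failed making request %v", err)
		return err
	}

	// Groups are best-effort: a failed lookup is ignored and leaves s.Groups
	// as it was. Empty group names are dropped.
	// NOTE(review): groups are appended to s.Groups rather than replacing it;
	// confirm callers never pass a session that still carries stale groups.
	if groups, err := userInfo.GetPath("ocs", "data", "groups").StringArray(); err == nil {
		for _, group := range groups {
			if group != "" {
				s.Groups = append(s.Groups, group)
			}
		}
	}

	// NOTE(review): an empty "id" or "email" string is accepted as-is below;
	// confirm that later validation rejects a session with an empty identity.
	user, err := userInfo.GetPath("ocs", "data", "id").String()
	if err != nil {
		// %w keeps the underlying error available to errors.Is / errors.As.
		return fmt.Errorf("unable to extract id from userinfo endpoint: %w", err)
	}
	s.User = user

	email, err := userInfo.GetPath("ocs", "data", "email").String()
	if err != nil {
		return fmt.Errorf("unable to extract email from userinfo endpoint: %w", err)
	}
	s.Email = email

	return nil
}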
| 79 | |
| 80 | // ValidateSession validates the AccessToken |
| 81 | func (p *NextcloudProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool { |
nothing calls this directly
no test coverage detected