13758376151

Committed 10 Mar 2025 06:33AM CUT coverage: 57.479% (-0.003%) from 57.482%

Build # 13758376151

Build Type

Pull #5487

github

Committed by

web-flow

Commit Message

Merge 7d8ab1d58 into c9c74c1d1

Pull Request Pull Request #5487: build(deps): bump github/codeql-action from 3.28.10 to 3.28.11

Run Details

18138 of 31556 relevant lines covered (57.48%)

37.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/internal/auth/github.go

// SPDX-FileCopyrightText: Copyright 2023 The Minder Authors
// SPDX-License-Identifier: Apache-2.0

// Package auth contains the authentication logic for the control plane
package auth

import (
        "context"
        "encoding/json"
        "fmt"
        "net/http"
        "net/url"

        "github.com/mindersec/minder/pkg/config/server"
)

// GetUserForGitHubId looks up a user in Keycloak by their GitHub ID.  This is a temporary
// implementation until we have a proper interface in front of IDP implementations.
//
// If the user is found, it returns their subject _in Keycloak_, suitable for use in
// the `sub` claim of a JWT, and in OpenFGA's user field.  Note that this function may
// return a user of "" with no error if no users were found matching the GitHub ID.
func GetUserForGitHubId(ctx context.Context, sic server.IdentityConfigWrapper, ghUser int64) (string, error) {
        // look up the user in the identity provider (keycloak-specific for now)
        q := url.Values{
                "q": {fmt.Sprintf("gh_id:%d", ghUser)},
                // TODO: add idpAlias and configuration for same
        }
        resp, err := sic.Server.AdminDo(ctx, "GET", "users", q, nil)
        if err != nil {
                return "", err
        }
        defer resp.Body.Close()
        if resp.StatusCode != http.StatusOK {
                return "", fmt.Errorf("unexpected status code %d", resp.StatusCode)
        }

        type kcUser struct {
                Id         string
                Username   string
                Attributes map[string][]string
        }
        users := []kcUser{}
        if err := json.NewDecoder(resp.Body).Decode(&users); err != nil {
                return "", err
        }
        if len(users) == 0 {
                // No user found, that's okay.
                return "", nil
        }
        if len(users) > 1 {
                return "", fmt.Errorf("expected 1 user, got %d", len(users))
        }
        return users[0].Id, nil
}

1	// SPDX-FileCopyrightText: Copyright 2023 The Minder Authors
2	// SPDX-License-Identifier: Apache-2.0
3
4	// Package auth contains the authentication logic for the control plane
5	package auth
6
7	import (
8	"context"
9	"encoding/json"
10	"fmt"
11	"net/http"
12	"net/url"
13
14	"github.com/mindersec/minder/pkg/config/server"
15	)
16
17	// GetUserForGitHubId looks up a user in Keycloak by their GitHub ID. This is a temporary
18	// implementation until we have a proper interface in front of IDP implementations.
19	//
20	// If the user is found, it returns their subject _in Keycloak_, suitable for use in
21	// the `sub` claim of a JWT, and in OpenFGA's user field. Note that this function may
22	// return a user of "" with no error if no users were found matching the GitHub ID.
23	func GetUserForGitHubId(ctx context.Context, sic server.IdentityConfigWrapper, ghUser int64) (string, error) {	×
24	// look up the user in the identity provider (keycloak-specific for now)	×
25	q := url.Values{	×
26	"q": {fmt.Sprintf("gh_id:%d", ghUser)},	×
27	// TODO: add idpAlias and configuration for same	×
28	}	×
29	resp, err := sic.Server.AdminDo(ctx, "GET", "users", q, nil)	×
30	if err != nil {	×
31	return "", err	×
32	}	×
33	defer resp.Body.Close()	×
34	if resp.StatusCode != http.StatusOK {	×
35	return "", fmt.Errorf("unexpected status code %d", resp.StatusCode)	×
36	}	×
37
38	type kcUser struct {	×
39	Id string	×
40	Username string	×
41	Attributes map[string][]string	×
42	}	×
43	users := []kcUser{}	×
44	if err := json.NewDecoder(resp.Body).Decode(&users); err != nil {	×
45	return "", err	×
46	}	×
47	if len(users) == 0 {	×
48	// No user found, that's okay.	×
49	return "", nil	×
50	}	×
51	if len(users) > 1 {	×
52	return "", fmt.Errorf("expected 1 user, got %d", len(users))	×
53	}	×
54	return users[0].Id, nil	×
55	}

mindersec / minder / 13758376151

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous