Mapping fields - Cloudflare (#2025)

* Mapping fields - Cloudflare * Applying suggestions * Mapping fields - GoogleIAP
2025-12-11 06:05:56 +08:00 · 2023-07-02 20:46:12 +02:00 · 2023-07-02 20:46:12 +02:00 · 2272f1445f
commit 2272f1445f
parent 2ebd86f0f4
2 changed files with 13 additions and 20 deletions
--- a/lib/livebook/zta/cloudflare.ex
+++ b/lib/livebook/zta/cloudflare.ex
@ -7,6 +7,7 @@ defmodule Livebook.ZTA.Cloudflare do

  @assertion "cf-access-jwt-assertion"
  @renew_afer 24 * 60 * 60 * 1000
+  @fields %{"user_uuid" => :id, "name" => :name, "email" => :email}

  defstruct [:name, :req_options, :identity, :keys]

@ -46,12 +47,12 @@ defmodule Livebook.ZTA.Cloudflare do
    keys
  end

-  defp authenticated_user(token, fields, identity, keys) do
+  defp authenticated_user(token, _fields, identity, keys) do
    with [encoded_token] <- token,
         {:ok, token} <- verify_token(encoded_token, keys),
         :ok <- verify_iss(token, identity.iss),
-         {:ok, user} <- get_user_identity(encoded_token, fields, identity.user_identity) do
-      Map.new(user, fn {k, v} -> {String.to_atom(k), to_string(v)} end)
+         {:ok, user} <- get_user_identity(encoded_token, identity.user_identity) do
+      for({k, v} <- user, new_k = @fields[k], do: {new_k, v}, into: %{})
    else
      _ -> nil
    end
@ -69,11 +70,10 @@ defmodule Livebook.ZTA.Cloudflare do
  defp verify_iss(%{fields: %{"iss" => iss}}, iss), do: :ok
  defp verify_iss(_, _), do: :error

-  defp get_user_identity(token, fields, url) do
+  defp get_user_identity(token, url) do
    token = "CF_Authorization=#{token}"
-    fields = Enum.map(fields, &Atom.to_string/1)
    resp = Req.request!(url: url, headers: [{"cookie", token}])
-    if resp.status == 200, do: {:ok, Map.take(resp.body, fields)}, else: :error
+    if resp.status == 200, do: {:ok, resp.body}, else: :error
  end

  defp identity(key) do
--- a/lib/livebook/zta/googleiap.ex
+++ b/lib/livebook/zta/googleiap.ex
@ -7,6 +7,7 @@ defmodule Livebook.ZTA.GoogleIAP do

  @assertion "x-goog-iap-jwt-assertion"
  @renew_afer 24 * 60 * 60 * 1000
+  @fields %{"sub" => :id, "name" => :name, "email" => :email}

  defstruct [:name, :req_options, :identity, :keys]

@ -46,12 +47,12 @@ defmodule Livebook.ZTA.GoogleIAP do
    keys
  end

-  defp authenticated_user(token, fields, identity, keys) do
+  defp authenticated_user(token, _fields, identity, keys) do
    with [encoded_token] <- token,
         {:ok, token} <- verify_token(encoded_token, keys),
         :ok <- verify_iss(token, identity.iss),
-         {:ok, user} <- get_user_identity(token, fields, identity.user_identity) do
-      user
+         {:ok, user} <- get_user_identity(token) do
+      for({k, v} <- user, new_k = @fields[k], do: {new_k, v}, into: %{})
    else
      _ -> nil
    end
@ -69,17 +70,9 @@ defmodule Livebook.ZTA.GoogleIAP do
  defp verify_iss(%{fields: %{"iss" => iss}}, iss), do: :ok
  defp verify_iss(_, _), do: :error

-  defp get_user_identity(%{fields: %{"gcip" => gcip}}, _, _) do
-    user = %{name: gcip["name"], email: gcip["email"], id: gcip["sub"]}
-    {:ok, user}
-  end
-
-  defp get_user_identity(%{fields: fields}, _, _url) do
-    user = %{name: fields["email"], email: fields["email"], id: fields["sub"]}
-    {:ok, user}
-  end
-
-  defp get_user_identity(_, _, _), do: :error
+  defp get_user_identity(%{fields: %{"gcip" => gcip}}), do: {:ok, gcip}
+  defp get_user_identity(%{fields: fields}), do: {:ok, fields}
+  defp get_user_identity(_), do: :error

  defp identity(key) do
    %{