Merge branch 'master' into stable

internal/app/api/core/assets/doc/v1_swagger.json

@@ -2216,7 +2216,9 @@
                     "description": "The source of the user. This field is optional.",
                     "type": "string",
                     "enum": [
-                        "db"
+                        "db",
+                        "ldap",
+                        "oauth"
                     ],
                     "example": "db"
                 }

internal/app/api/core/assets/doc/v1_swagger.yaml

@@ -561,6 +561,8 @@ definitions:
         description: The source of the user. This field is optional.
         enum:
         - db
+        - ldap
+        - oauth
         example: db
         type: string
     required:

internal/app/api/v1/handlers/endpoint_interface.go

@@ -48,12 +48,12 @@ func (e InterfaceEndpoint) RegisterRoutes(g *routegroup.Bundle) {
 	apiGroup.Use(e.authenticator.LoggedIn(ScopeAdmin))
 
 	apiGroup.HandleFunc("GET /all", e.handleAllGet())
-	apiGroup.HandleFunc("GET /by-id/{id}", e.handleByIdGet())
+	apiGroup.HandleFunc("GET /by-id/{id...}", e.handleByIdGet())
 
 	apiGroup.HandleFunc("GET /prepare", e.handlePrepareGet())
 	apiGroup.HandleFunc("POST /new", e.handleCreatePost())
-	apiGroup.HandleFunc("PUT /by-id/{id}", e.handleUpdatePut())
-	apiGroup.HandleFunc("DELETE /by-id/{id}", e.handleDelete())
+	apiGroup.HandleFunc("PUT /by-id/{id...}", e.handleUpdatePut())
+	apiGroup.HandleFunc("DELETE /by-id/{id...}", e.handleDelete())
 }
 
 // handleAllGet returns a gorm Handler function.

internal/app/api/v1/handlers/endpoint_metrics.go

@@ -44,10 +44,10 @@ func (e MetricsEndpoint) RegisterRoutes(g *routegroup.Bundle) {
 	apiGroup := g.Mount("/metrics")
 	apiGroup.Use(e.authenticator.LoggedIn())
 
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /by-interface/{id}",
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /by-interface/{id...}",
 		e.handleMetricsForInterfaceGet())
-	apiGroup.HandleFunc("GET /by-user/{id}", e.handleMetricsForUserGet())
-	apiGroup.HandleFunc("GET /by-peer/{id}", e.handleMetricsForPeerGet())
+	apiGroup.HandleFunc("GET /by-user/{id...}", e.handleMetricsForUserGet())
+	apiGroup.HandleFunc("GET /by-peer/{id...}", e.handleMetricsForPeerGet())
 }
 
 // handleMetricsForInterfaceGet returns a gorm Handler function.

internal/app/api/v1/handlers/endpoint_peer.go

@@ -47,15 +47,15 @@ func (e PeerEndpoint) RegisterRoutes(g *routegroup.Bundle) {
 	apiGroup := g.Mount("/peer")
 	apiGroup.Use(e.authenticator.LoggedIn())
 
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /by-interface/{id}",
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /by-interface/{id...}",
 		e.handleAllForInterfaceGet())
-	apiGroup.HandleFunc("GET /by-user/{id}", e.handleAllForUserGet())
-	apiGroup.HandleFunc("GET /by-id/{id}", e.handleByIdGet())
+	apiGroup.HandleFunc("GET /by-user/{id...}", e.handleAllForUserGet())
+	apiGroup.HandleFunc("GET /by-id/{id...}", e.handleByIdGet())
 
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /prepare/{id}", e.handlePrepareGet())
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /prepare/{id...}", e.handlePrepareGet())
 	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("POST /new", e.handleCreatePost())
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("PUT /by-id/{id}", e.handleUpdatePut())
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("DELETE /by-id/{id}", e.handleDelete())
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("PUT /by-id/{id...}", e.handleUpdatePut())
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("DELETE /by-id/{id...}", e.handleDelete())
 }
 
 // handleAllForInterfaceGet returns a gorm Handler function.

internal/app/api/v1/handlers/endpoint_user.go

@@ -47,10 +47,10 @@ func (e UserEndpoint) RegisterRoutes(g *routegroup.Bundle) {
 	apiGroup.Use(e.authenticator.LoggedIn())
 
 	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("GET /all", e.handleAllGet())
-	apiGroup.HandleFunc("GET /by-id/{id}", e.handleByIdGet())
+	apiGroup.HandleFunc("GET /by-id/{id...}", e.handleByIdGet())
 	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("POST /new", e.handleCreatePost())
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("PUT /by-id/{id}", e.handleUpdatePut())
-	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("DELETE /by-id/{id}", e.handleDelete())
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("PUT /by-id/{id...}", e.handleUpdatePut())
+	apiGroup.With(e.authenticator.LoggedIn(ScopeAdmin)).HandleFunc("DELETE /by-id/{id...}", e.handleDelete())
 }
 
 // handleAllGet returns a gorm Handler function.

internal/app/api/v1/models/models_user.go

@@ -13,7 +13,7 @@ type User struct {
 	// The email address of the user. This field is optional.
 	Email string `json:"Email" binding:"omitempty,email" example:"test@test.com"`
 	// The source of the user. This field is optional.
-	Source string `json:"Source" binding:"oneof=db" example:"db"`
+	Source string `json:"Source" binding:"oneof=db ldap oauth" example:"db"`
 	// The name of the authentication provider. This field is read-only.
 	ProviderName string `json:"ProviderName,omitempty" readonly:"true" example:""`
 	// If this field is set, the user is an admin.

internal/app/auth/auth_ldap.go

@@ -20,18 +20,7 @@ type LdapAuthenticator struct {
 }
 
 func newLdapAuthenticator(_ context.Context, cfg *config.LdapProvider) (*LdapAuthenticator, error) {
-	var provider = &LdapAuthenticator{}
-
-	provider.cfg = cfg
-
-	dn, err := ldap.ParseDN(cfg.AdminGroupDN)
-	if err != nil {
-		return nil, fmt.Errorf("failed to parse admin group DN: %w", err)
-	}
-	provider.cfg.FieldMap = provider.getLdapFieldMapping(cfg.FieldMap)
-	provider.cfg.ParsedAdminGroupDN = dn
-
-	return provider, nil
+	return &LdapAuthenticator{cfg: cfg}, nil
 }
 
 // GetName returns the name of the LDAP authenticator.
@@ -154,40 +143,3 @@ func (l LdapAuthenticator) ParseUserInfo(raw map[string]any) (*domain.Authentica
 
 	return userInfo, nil
 }
-
-func (l LdapAuthenticator) getLdapFieldMapping(f config.LdapFields) config.LdapFields {
-	defaultMap := config.LdapFields{
-		BaseFields: config.BaseFields{
-			UserIdentifier: "mail",
-			Email:          "mail",
-			Firstname:      "givenName",
-			Lastname:       "sn",
-			Phone:          "telephoneNumber",
-			Department:     "department",
-		},
-		GroupMembership: "memberOf",
-	}
-	if f.UserIdentifier != "" {
-		defaultMap.UserIdentifier = f.UserIdentifier
-	}
-	if f.Email != "" {
-		defaultMap.Email = f.Email
-	}
-	if f.Firstname != "" {
-		defaultMap.Firstname = f.Firstname
-	}
-	if f.Lastname != "" {
-		defaultMap.Lastname = f.Lastname
-	}
-	if f.Phone != "" {
-		defaultMap.Phone = f.Phone
-	}
-	if f.Department != "" {
-		defaultMap.Department = f.Department
-	}
-	if f.GroupMembership != "" {
-		defaultMap.GroupMembership = f.GroupMembership
-	}
-
-	return defaultMap
-}

internal/app/users/user_manager.go

@@ -551,6 +551,12 @@ func (m Manager) updateLdapUsers(
 			return fmt.Errorf("failed to convert LDAP data for %v: %w", rawUser["dn"], err)
 		}
 
+		if provider.SyncLogUserInfo {
+			slog.Debug("ldap user data",
+				"raw-user", rawUser, "user", user.Identifier,
+				"is-admin", user.IsAdmin, "provider", provider.ProviderName)
+		}
+
 		existingUser, err := m.users.GetUser(ctx, user.Identifier)
 		if err != nil && !errors.Is(err, domain.ErrNotFound) {
 			return fmt.Errorf("find error for user id %s: %w", user.Identifier, err)