From d4873965c8f9758df57d13dda2479fcb72954387 Mon Sep 17 00:00:00 2001 From: joneshf Date: Sat, 5 Jul 2025 13:53:00 +0200 Subject: [PATCH] feat: add `--attribute-ssh-pubic-key` to forgejo admin auth add-oauth and update-oauth CLI (#8383) As explained in https://codeberg.org/forgejo/forgejo/issues/8072, the CLI was missing a way to set the `AttributeSSHPublicKey` field that was added in https://codeberg.org/forgejo/forgejo/pulls/6232. We add a flag to do that, and thread it through where necessary. The checklist mentions adding tests, but the code in `cmd/admin_auth_oauth.go` seems to not have a `cmd/admin_auth_oauth_test.go`, and I'm not sure if there's something else that's testing this behavior. I can try to add tests if there's already a good spot to slot them in. If not, it seems like adding a `cmd/cmd/admin_auth_oauth_test.go` that worked similar to the current `cmd/admin_auth_ldap_test.go` might be a bit big of a change. As far as documentation, I might be wrong about this, but it seems like the CLI docs are only updated once there's a new release. I can't do that yet, so I don't think that either of the checkboxes apply to this PR. ## Manual testing There are two CLI commands that can be validated: `forgejo admin auth add-oauth` and `forgejo admin auth update-oauth`. 1. `forgejo admin auth add-oauth` requires an actual auto-discovery URL that responds appropriately. - If there is not already an OIDC provider set up that has an auto-discovery URL, the sample OIDC provider at https://openidconnect.net/ can be used with it's auto-discovery URL of https://samples.auth0.com/.well-known/openid-configuration. 1. Run the following command to create a new OAuth2 authentication source: ```Console forgejo admin auth add-oauth --attribute-ssh-public-key=ssh_public_key_field --auto-discover-url=https://samples.auth0.com/.well-known/openid-configuration --name='Delete this later' --provider=openidConnect ``` - This should create a new OAuth2 authentication source named "Delete this later" with the "Public SSH key attribute" field set to `ssh_public_key_field`.
Screenshot of newly created OAuth2 authentication source ![forgejo-admin-auth-add-oauth](/attachments/166f3f82-adc8-4ef9-9128-fb8a923fdc0d)
1. `forgejo admin auth update-oauth` requires the id of the newly created OAuth2 authentication source. - This id can be found on either the "Authentication sources" page (`/admin/auths`) or as the URL of the newly created OAuth2 authentication source (`/admins/auths/{id}`). 1. Run the following command to update the OAuth2 authentication source: ```Console forgejo admin auth update-oauth --attribute-ssh-public-key=ssh_public_key_field_new_name --id= ``` - This should change the "Public SSH key attribute" to `ssh_public_key_field_new_name`.
Screenshot of updated OAuth2 authentication source ![forgejo-admin-auth-update-oauth](/attachments/9674dba0-6ed1-4fb8-8eb8-d7f33cbf8c3a)
## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [ ] I did not document these changes and I do not expect someone else to do it. ### Release notes - [ ] I do not want this change to show in the release notes. - [x] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/.md` to be be used for the release notes instead of the title. ## Release notes - Features - [PR](https://codeberg.org/forgejo/forgejo/pulls/8383): add `--attribute-ssh-pubic-key` to forgejo admin auth add-oauth and update-oauth CLI Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8383 Reviewed-by: Earl Warren Co-authored-by: joneshf Co-committed-by: joneshf --- cmd/admin_auth_oauth.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/cmd/admin_auth_oauth.go b/cmd/admin_auth_oauth.go index abdcd5d48a..a638bf0210 100644 --- a/cmd/admin_auth_oauth.go +++ b/cmd/admin_auth_oauth.go @@ -86,6 +86,11 @@ func oauthCLIFlags() []cli.Flag { Value: nil, Usage: "Scopes to request when to authenticate against this OAuth2 source", }, + &cli.StringFlag{ + Name: "attribute-ssh-public-key", + Value: "", + Usage: "Claim name providing SSH public keys for this source", + }, &cli.StringFlag{ Name: "required-claim-name", Value: "", @@ -163,6 +168,7 @@ func parseOAuth2Config(_ context.Context, c *cli.Command) *oauth2.Source { IconURL: c.String("icon-url"), SkipLocalTwoFA: c.Bool("skip-local-2fa"), Scopes: c.StringSlice("scopes"), + AttributeSSHPublicKey: c.String("attribute-ssh-public-key"), RequiredClaimName: c.String("required-claim-name"), RequiredClaimValue: c.String("required-claim-value"), GroupClaimName: c.String("group-claim-name"), @@ -244,6 +250,10 @@ func runUpdateOauth(ctx context.Context, c *cli.Command) error { oAuth2Config.Scopes = c.StringSlice("scopes") } + if c.IsSet("attribute-ssh-public-key") { + oAuth2Config.AttributeSSHPublicKey = c.String("attribute-ssh-public-key") + } + if c.IsSet("required-claim-name") { oAuth2Config.RequiredClaimName = c.String("required-claim-name") }