From 01102cb9b0aa79a571f3edb0234a52f4f51c5f11 Mon Sep 17 00:00:00 2001
From: Christoph Kluge
Date: Wed, 23 Oct 2024 16:17:47 +0200
Subject: [PATCH] feat: add updateUserOnLogin config option for oidc, jwt

---
 internal/auth/auth.go | 35 +++++++++++++++++++++++--------
 internal/auth/jwtCookieSession.go | 4 ++--
 internal/auth/jwtSession.go | 4 ++--
 internal/auth/oidc.go | 4 ++--
 pkg/schema/config.go | 8 +++++--
 5 files changed, 38 insertions(+), 17 deletions(-)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index b6e4cbe..270989f 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -143,19 +143,36 @@ func GetAuthInstance() *Authentication {
 	return authInstance
 }
 
-func persistUser(user *schema.User) {
+func handleTokenUser(tokenUser *schema.User) {
 	r := repository.GetUserRepository()
-	dbUser, err := r.GetUser(user.Username)
+	dbUser, err := r.GetUser(tokenUser.Username)
 
 	if err != nil && err != sql.ErrNoRows {
-		log.Errorf("Error while loading user '%s': %v", user.Username, err)
-	} else if err == sql.ErrNoRows { // Adds New User
-		if err := r.AddUser(user); err != nil {
-			log.Errorf("Error while adding user '%s' to DB: %v", user.Username, err)
+		log.Errorf("Error while loading user '%s': %v", tokenUser.Username, err)
+	} else if err == sql.ErrNoRows && config.Keys.JwtConfig.SyncUserOnLogin { // Adds New User
+		if err := r.AddUser(tokenUser); err != nil {
+			log.Errorf("Error while adding user '%s' to DB: %v", tokenUser.Username, err)
 		}
-	} else { // Update Existing
-		if err := r.UpdateUser(dbUser, user); err != nil {
-			log.Errorf("Error while updating user '%s' to DB: %v", user.Username, err)
+	} else if err == nil && config.Keys.JwtConfig.UpdateUserOnLogin { // Update Existing User
+		if err := r.UpdateUser(dbUser, tokenUser); err != nil {
+			log.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
+		}
+	}
+}
+
+func handleOIDCUser(OIDCUser *schema.User) {
+	r := repository.GetUserRepository()
+	dbUser, err := r.GetUser(OIDCUser.Username)
+
+	if err != nil && err != sql.ErrNoRows {
+		log.Errorf("Error while loading user '%s': %v", OIDCUser.Username, err)
+	} else if err == sql.ErrNoRows && config.Keys.OpenIDConfig.SyncUserOnLogin { // Adds New User
+		if err := r.AddUser(OIDCUser); err != nil {
+			log.Errorf("Error while adding user '%s' to DB: %v", OIDCUser.Username, err)
+		}
+	} else if err == nil && config.Keys.OpenIDConfig.UpdateUserOnLogin { // Update Existing User
+		if err := r.UpdateUser(dbUser, OIDCUser); err != nil {
+			log.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
 		}
 	}
 }
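Review bot: handleTokenUser and handleOIDCUser are the same function except for the config struct whose SyncUserOnLogin/UpdateUserOnLogin flags they read, so the two bodies will drift apart on the next fix; one helper taking the two flags as parameters keeps a single decision point for how an externally asserted identity is reconciled with the DB record. The helper's doc comment should also state the trust consequence that neither new function documents: with update enabled, whatever the token or IdP response asserts is written over the stored record on every login, so the issuer, not the local DB, is authoritative for those fields. Callers would pass their own flags, e.g. `syncUser(user, config.Keys.JwtConfig.SyncUserOnLogin, config.Keys.JwtConfig.UpdateUserOnLogin)` (the call sites are in the jwtCookieSession.go, jwtSession.go and oidc.go hunks). Comparing `err == sql.ErrNoRows` directly is carried over from persistUser; `errors.Is(err, sql.ErrNoRows)` is the idiomatic form and survives the repository wrapping its errors later.
```go
// syncUser reconciles a user built from an external token or IdP response with the DB.
// sync adds the user when no record exists; update overwrites an existing record with the
// token's data on every login, making the issuer authoritative for whatever UpdateUser writes.
func syncUser(u *schema.User, sync, update bool) {
	r := repository.GetUserRepository()
	dbUser, err := r.GetUser(u.Username)

	switch {
	case err != nil && err != sql.ErrNoRows:
		log.Errorf("Error while loading user '%s': %v", u.Username, err)
	case err == sql.ErrNoRows && sync:
		if err := r.AddUser(u); err != nil {
			log.Errorf("Error while adding user '%s' to DB: %v", u.Username, err)
		}
	case err == nil && update:
		if err := r.UpdateUser(dbUser, u); err != nil {
			log.Errorf("Error while updating user '%s' to DB: %v", dbUser.Username, err)
		}
	}
}
```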
diff --git a/internal/auth/jwtCookieSession.go b/internal/auth/jwtCookieSession.go
index 926f7ba..7e0e045 100644
--- a/internal/auth/jwtCookieSession.go
+++ b/internal/auth/jwtCookieSession.go
@@ -198,8 +198,8 @@ func (ja *JWTCookieSessionAuthenticator) Login(
 			AuthSource: schema.AuthViaToken,
 		}
 
-		if jc.SyncUserOnLogin {
-			persistUser(user)
+		if jc.SyncUserOnLogin || jc.UpdateUserOnLogin {
+			handleTokenUser(user)
 		}
 	}
 
diff --git a/internal/auth/jwtSession.go b/internal/auth/jwtSession.go
index 765a9fd..67457ee 100644
--- a/internal/auth/jwtSession.go
+++ b/internal/auth/jwtSession.go
@@ -138,8 +138,8 @@ func (ja *JWTSessionAuthenticator) Login(
 			AuthSource: schema.AuthViaToken,
 		}
 
-		if config.Keys.JwtConfig.SyncUserOnLogin {
-			persistUser(user)
+		if config.Keys.JwtConfig.SyncUserOnLogin || config.Keys.JwtConfig.UpdateUserOnLogin {
+			handleTokenUser(user)
 		}
 	}
 
diff --git a/internal/auth/oidc.go b/internal/auth/oidc.go
index 5cfb563..ba1c9da 100644
--- a/internal/auth/oidc.go
+++ b/internal/auth/oidc.go
@@ -168,8 +168,8 @@ func (oa *OIDC) OAuth2Callback(rw http.ResponseWriter, r *http.Request) {
 		AuthSource: schema.AuthViaOIDC,
 	}
 
-	if config.Keys.OpenIDConfig.SyncUserOnLogin {
-		persistUser(user)
+	if config.Keys.OpenIDConfig.SyncUserOnLogin || config.Keys.OpenIDConfig.UpdateUserOnLogin {
+		handleOIDCUser(user)
 	}
 
 	oa.authentication.SaveSession(rw, r, user)
diff --git a/pkg/schema/config.go b/pkg/schema/config.go
index 04e3f10..b87841c 100644
--- a/pkg/schema/config.go
+++ b/pkg/schema/config.go
@@ -24,8 +24,9 @@ type LdapConfig struct {
 }
 
 type OpenIDConfig struct {
-	Provider        string `json:"provider"`
-	SyncUserOnLogin bool   `json:"syncUserOnLogin"`
+	Provider          string `json:"provider"`
+	SyncUserOnLogin   bool   `json:"syncUserOnLogin"`
+	UpdateUserOnLogin bool   `json:"updateUserOnLogin"`
 }
 
 type JWTAuthConfig struct {
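Review bot: The new guard `if jc.SyncUserOnLogin || jc.UpdateUserOnLogin` repeats the flag checks that handleTokenUser already performs, and it reads the flags from `jc` while the helper reads `config.Keys.JwtConfig`; if `jc` is anything other than an alias of that struct (not visible in this hunk) the two can disagree and the helper silently does nothing, which is easy to miss because no log line is emitted in that case. The same double check appears in the jwtSession.go and oidc.go hunks. Either drop the outer guard and let the helper be the single decision point, or make the helper take the two flags as parameters so the values the caller tested are the ones acted on. The enclosing Login method opens and closes outside the hunk.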
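Review bot: OpenIDConfig.UpdateUserOnLogin is added without a doc comment, although the JWTAuthConfig counterpart in the same file documents both flags; since setting it makes the identity provider authoritative for the stored user record on every login, the operator reading the config struct should see that. Suggested: `// Should an existing user be updated in the DB on every login based on the claims returned by the OIDC provider. When true, the provider is the source of truth for the updated fields`. The existing SyncUserOnLogin field in this struct would benefit from the matching one-line comment used in JWTAuthConfig.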
@@ -45,6 +46,9 @@ type JWTAuthConfig struct {
 
 	// Should an non-existent user be added to the DB based on the information in the token
 	SyncUserOnLogin bool `json:"syncUserOnLogin"`
+
+	// Should an existent user be updated in the DB based on the information in the token
+	UpdateUserOnLogin bool `json:"updateUserOnLogin"`
 }
 
 type IntRange struct {
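Review bot: The new doc comment on UpdateUserOnLogin says only that the user is "updated", leaving the operational consequence unstated: when set, the stored record is rewritten from the token at every login (see the UpdateUser call in the auth.go hunk), so the token issuer becomes authoritative for whatever UpdateUser overwrites and local edits to those fields do not survive the user's next login; which fields those are is not visible here and should be named in the comment. Suggested wording: `// Should an existing user be updated in the DB on every login based on the information in the token. When true, the token is the source of truth for the updated fields; local changes to them are overwritten at the next login`. "an existent user" should read "an existing user", and the pre-existing line above has "an non-existent" for "a non-existent". The JWTAuthConfig struct opens outside the hunk.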