Merge pull request #64 from pbence/allow-configure-username-and-domain

Allow configure username and domain
2025-10-29 01:02:36 +00:00 · 2025-03-30 17:14:30 +00:00
parent 8e1d9d0476 eb6c3e47c8
commit 3c7680622a
4 changed files with 12 additions and 5 deletions
--- a/README.md
+++ b/README.md
@@ -89,6 +89,8 @@ properties are needed in `mailu.env`:
 | `OIDC_VERIFY_SSL`                       | Disable TLS certificate verification for the OIDC client                                                            | `True` \| `False`         |
 | `OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED` | If enabled, OIDC users will have an button to get redirect to their OIDC provider to change their password          | `True` \| `False`         |
 | `OIDC_CHANGE_PASSWORD_REDIRECT_URL`     | Defaults to provider issuer url appended by `/.well-known/change-password`.                                         | [https://`host`/pw-change]() |
+| `OIDC_USERNAME_CLAIM`                   | 	The OIDC claim used as the username. If the selected claim contains an email address, it will be used as is. If it is not an email (e.g., `sub`), the email address will be constructed as `<OIDC_USERNAME_CLAIM>@<OIDC_USER_DOMAIN>`. Defaults to `email`. | `email` \| `sub`
+| `OIDC_USER_DOMAIN`                      | The domain used when constructing an email from a non-email username (e.g., when `OIDC_USERNAME_CLAIM=sub`). Ignored if `OIDC_USERNAME_CLAIM` is already an email. Defaults to the value of `DOMAIN`. | `example.com`

 Here is a snippet for easy copy paste:

--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@@ -58,6 +58,8 @@ DEFAULT_CONFIG = {
    'OIDC_CHANGE_PASSWORD_REDIRECT_ENABLED': True,
    'OIDC_CHANGE_PASSWORD_REDIRECT_URL': None,
    'OIDC_REDIRECT_URL': None,
+    'OIDC_USERNAME_CLAIM': 'email',
+    'OIDC_USER_DOMAIN': None,
    # Mail settings
    'DMARC_RUA': None,
    'DMARC_RUF': None,
--- a/core/admin/mailu/oidc.py
+++ b/core/admin/mailu/oidc.py
@@ -197,11 +197,11 @@ class OicClient:
            raise PyoidcError("Error response in user info")

        return (
-            user_info_response["email"],
-            user_info_response["sub"],
-            token_response["id_token"],
-            token_response,
-        )
+                user_info_response[self.app.config.get('OIDC_USERNAME_CLAIM', 'email')],
+                user_info_response['sub'],
+                token_response["id_token"],
+                token_response
+            )

    def get_user_info(
        self, token: AccessTokenResponse
--- a/core/admin/mailu/sso/views/base.py
+++ b/core/admin/mailu/sso/views/base.py
@@ -53,6 +53,9 @@ def login():
                flask.flash('Wrong e-mail or password', 'error')
                return render_oidc_template(form, fields)
            
+            if '@' not in username:
+                username = username + '@' + app.config.get('OIDC_USER_DOMAIN', app.config['DOMAIN'])
+
            user = models.User.get(username)
            if user is None:
                user = models.User.create(username)