diff --git a/SSO-Auth/Api/SSOController.cs b/SSO-Auth/Api/SSOController.cs
index 1e7ef8f..220a146 100644
--- a/SSO-Auth/Api/SSOController.cs
+++ b/SSO-Auth/Api/SSOController.cs
@@ -83,14 +83,14 @@ public ActionResult OidPost(
 {
 var options = new OidcClientOptions
 {
- Authority = config.OidEndpoint.Trim(),
- ClientId = config.OidClientId.Trim(),
- ClientSecret = config.OidSecret.Trim(),
+ Authority = config.OidEndpoint?.Trim(),
+ ClientId = config.OidClientId?.Trim(),
+ ClientSecret = config.OidSecret?.Trim(),
 RedirectUri = GetRequestBase() + "/sso/OID/r/" + provider,
 Scope = string.Join(" ", config.OidScopes.Prepend("openid profile")),
 };
 options.Policy.Discovery.ValidateEndpoints = false; // For Google and other providers with different endpoints
- options.Policy.Discovery.RequireHttps = config.RequireHttps || true;
+ options.Policy.Discovery.RequireHttps = config?.RequireHttps ?? true;
 var oidcClient = new OidcClient(options);
 var currentState = StateManager[state].State;
 var result = oidcClient.ProcessResponseAsync(Request.QueryString.Value, currentState).Result;
@@ -110,7 +110,7 @@ public ActionResult OidPost(
 foreach (var claim in result.User.Claims)
 {
- if (claim.Type == (config.DefaultUsernameClaim.Trim() ?? "preferred_username"))
+ if (claim.Type == (config.DefaultUsernameClaim?.Trim() ?? "preferred_username"))
 {
 StateManager[state].Username = claim.Value;
 if (config.Roles.Length == 0)
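Review bot: The new `RequireHttps` assignment can now turn HTTPS enforcement off for discovery, and the context line just above it already sets `ValidateEndpoints = false`, so with the flag false nothing checks the transport or the endpoints the discovery document names before `ProcessResponseAsync` redeems the code using `ClientSecret`. `config` is dereferenced in the initializer above (`config.OidEndpoint`, `config.OidScopes`), so `config?.` cannot be protecting against a null config here; if `RequireHttps` is a plain `bool` (its declaration is not in this diff), `?? true` never applies to a real config and a provider saved before the field existed would presumably read as `false`. Making the property `bool?` so that unset means `true`, or at least logging a warning whenever the value is `false`, would keep the default fail-closed. The `?.Trim()` initializers in this hunk and in the OidChallenge hunk likewise pass a null `Authority` or `ClientId` on to `OidcClient`; an explicit check that rejects an incompletely configured provider would be clearer. OidPost's body starts and ends outside the hunk.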
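Review bot: The `?? "preferred_username"` fallback on the changed line only covers a null `DefaultUsernameClaim`; an empty or whitespace-only setting trims to `""`, presumably matches no claim type, and the `StateManager[state].Username` assignment below it is then never reached. Computing the name once before the loop handles both cases: `var usernameClaim = string.IsNullOrWhiteSpace(config.DefaultUsernameClaim) ? "preferred_username" : config.DefaultUsernameClaim.Trim();` followed by `if (claim.Type == usernameClaim)`. The loop body continues past the end of the hunk.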
@@ -122,7 +122,7 @@ public ActionResult OidPost( // Role processing // The regex matches any "." not preceded by a "\": a.b.c will be split into a, b, and c, but a.b\.c will be split into a, b.c (after processing the escaped dots) // We have to first process the RoleClaim string - string[] segments = Regex.Split(config.RoleClaim.Trim(), "(? OidChallenge(string provider, [FromQuery] bool i { var options = new OidcClientOptions { - Authority = config.OidEndpoint.Trim(), - ClientId = config.OidClientId.Trim(), - ClientSecret = config.OidSecret.Trim(), + Authority = config.OidEndpoint?.Trim(), + ClientId = config.OidClientId?.Trim(), + ClientSecret = config.OidSecret?.Trim(), RedirectUri = GetRequestBase() + "/sso/OID/r/" + provider, Scope = string.Join(" ", config.OidScopes.Prepend("openid profile")), }; @@ -372,7 +372,7 @@ public async Task OidAuth(string provider, [FromBody] AuthResponse { Guid userId = await CreateCanonicalLinkAndUserIfNotExist("oid", provider, kvp.Value.Username); - var authenticationResult = await Authenticate(userId, kvp.Value.Admin, config.EnableAuthorization, config.EnableAllFolders, kvp.Value.Folders.ToArray(), response, config.DefaultProvider.Trim()) + var authenticationResult = await Authenticate(userId, kvp.Value.Admin, config.EnableAuthorization, config.EnableAllFolders, kvp.Value.Folders.ToArray(), response, config.DefaultProvider?.Trim()) .ConfigureAwait(false); return Ok(authenticationResult); }
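Review bot: `config.DefaultProvider?.Trim()` now hands null to the last parameter of `Authenticate` when no default provider is configured, while a blank setting still arrives as an empty string. `Authenticate` is not part of this diff, so it is worth confirming that it treats both values as "no default provider"; normalising at the call site would make that explicit, e.g. `string.IsNullOrWhiteSpace(config.DefaultProvider) ? null : config.DefaultProvider.Trim()`. OidAuth's body starts and ends outside the hunk.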