SCIM: Update authinfoquery (#103123)

* Rewrite mismatched externalUID error message * Update AuhtInfo if user exists
4 months ago · d82d03a1d3
parent 5ef9533751
commit d82d03a1d3
3 changed files with 16 additions and 9 deletions
--- a/pkg/services/authn/authnimpl/sync/user_sync.go
+++ b/pkg/services/authn/authnimpl/sync/user_sync.go
@ -48,7 +48,7 @@ var (
 	)
 	errMismatchedExternalUID = errutil.Unauthorized(
 		"user.sync.mismatched-externalUID",
-		errutil.WithPublicMessage("Mismatched externalUID"),
+		errutil.WithPublicMessage("Mismatched provisioned identity"),
 	)
 	errEmptyExternalUID = errutil.Unauthorized(
 		"user.sync.empty-externalUID",
@ -134,6 +134,11 @@ func (s *UserSync) SyncUserHook(ctx context.Context, id *authn.Identity, _ *auth
 		}
 	}

+	if usr.IsProvisioned && id.ExternalUID != userAuth.ExternalUID {
+		s.log.Error("mismatched externalUID", "provisioned_externalUID", userAuth.ExternalUID, "identity_externalUID", id.ExternalUID)
+		return errMismatchedExternalUID.Errorf("externalUID mistmatch")
+	}
+
 	syncUserToIdentity(usr, id)
 	return nil
 }
--- a/pkg/services/login/authinfoimpl/store.go
+++ b/pkg/services/login/authinfoimpl/store.go
@ -155,6 +155,7 @@ func (s *Store) UpdateAuthInfo(ctx context.Context, cmd *login.UpdateAuthInfoCom
 		AuthModule:  cmd.AuthModule,
 		AuthId:      cmd.AuthId,
 		Created:     GetTime(),
+		ExternalUID: cmd.ExternalUID,
 	}

 	if cmd.OAuthToken != nil {
--- a/pkg/services/login/model.go
+++ b/pkg/services/login/model.go
@ -85,6 +85,7 @@ type UpdateAuthInfoCommand struct {
 	AuthId      string
 	UserId      int64
 	OAuthToken  *oauth2.Token
+	ExternalUID string
 }

 type DeleteAuthInfoCommand struct {