From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Thu, 25 Nov 2021 06:57:10 +0000 (+0100)
Subject: openid: fix username-claim fallback
X-Git-Url: https://git.proxmox.com/?p=pve-access-control.git;a=commitdiff_plain;h=aa71c0f0f61b490b491bb4c30f2030396de19e05

openid: fix username-claim fallback

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/src/PVE/API2/OpenId.pm b/src/PVE/API2/OpenId.pm
index 03a7a04..c838b2c 100644
--- a/src/PVE/API2/OpenId.pm
+++ b/src/PVE/API2/OpenId.pm
@@ -174,19 +174,19 @@ __PACKAGE__->register_method ({
 	    my $subject = $info->{'sub'};
 
 	    my $unique_name;
-	    if (defined(my $user_attr = $config->{'username-claim'})) {
-		if (defined($info->{$user_attr})) {
-		    $unique_name = $info->{$user_attr};
-		} elsif ($user_attr eq 'subject') { # stay compat with old versions
-		    $unique_name = $subject;
-		} elsif ($user_attr eq 'username') { # stay compat with old versions
-		    my $username = $info->{'preferred_username'};
-		    die "missing claim 'preferred_username'\n" if !defined($username);
-		    $unique_name =  $username;
-		} else {
-		    # neither the attr nor fallback are defined in info..
-		    die "missing configured claim '$user_attr'\n";
-		}
+
+	    my $user_attr = $config->{'username-claim'} // 'sub';
+	    if (defined($info->{$user_attr})) {
+		$unique_name = $info->{$user_attr};
+	    } elsif ($user_attr eq 'subject') { # stay compat with old versions
+		$unique_name = $subject;
+	    } elsif ($user_attr eq 'username') { # stay compat with old versions
+		my $username = $info->{'preferred_username'};
+		die "missing claim 'preferred_username'\n" if !defined($username);
+		$unique_name =  $username;
+	    } else {
+		# neither the attr nor fallback are defined in info..
+		die "missing configured claim '$user_attr' in returned info object\n";
 	    }
 
 	    my $username = "${unique_name}\@${realm}";