question: Add multiple emails to a user transform #246

Open
sandstormkeshav opened this issue Jul 15, 2023 · 5 comments
Labels: question, user transforms
@sandstormkeshav

A clear and concise description of what you want to accomplish.

I would like to add multiple emails within a user transform block. This would be useful for giving multiple email addresses the same role. Is this possible?

@sandstormkeshav sandstormkeshav added need triage question Further information is requested labels Jul 15, 2023
@greenpau
Owner

> I would like to add multiple emails within a user transform block. This would be useful for giving multiple email addresses the same role. Is this possible?

Yes, please read https://authp.github.io/docs/authenticate/user-transforms and experiment with regex patterns. The conditional match is based on https://authp.github.io/docs/authorize/acl-rbac#conditions

There is also a way to have multiple match statements and then say match any of them. However, I don't remember how I did it. It is probably something like this.

match email1@foo
match email2@bar
default match any

@sandstormkeshav
Author

> > I would like to add multiple emails within a user transform block. This would be useful for giving multiple email addresses the same role. Is this possible?
>
> Yes, please read https://authp.github.io/docs/authenticate/user-transforms and experiment with regex patterns. The conditional match is based on https://authp.github.io/docs/authorize/acl-rbac#conditions
>
> There is also a way to have multiple match statements and then say match any of them. However, I don't remember how I did it. It is probably something like this.
>
> match email1@foo
> match email2@bar
> default match any

Thank you, I will try the regex patterns and report back. I was not aware of the "default match any" statement, can this be found in the docs?

Also, if I would like to prevent issuance of a token unless they are matched by a user transform, how could I go about doing that? Kind of like a catch-all. Would you recommend the regex here as well, or might there be a better way?

transform user {
  match realm google
  no match email [email protected]
  block
}

Thank you very much!

@qrkourier

I formatted a space-separated list of allowed emails like this, though I couldn't find documentation suggesting a line continuation syntax for Caddyfile.

match email \
    bob@example.com \
    alice@example.org

@greenpau
Owner

> I formatted a space separated list of allowed emails like this, though I couldn't find documentation suggesting a line continuation syntax for Caddyfile.

@qrkourier, idk.

One thing that comes to mind is creating a function.

(block_user) {
  transform user {
    match realm {args[0]}
    match email {args[1]}
    block
  }
}

Then use it.

import block_user google [email protected]
import block_user google [email protected]

Which would result in:

  transform user {
    match realm google
    match email [email protected]
    block
  }

Hope this helps.

@greenpau
Owner

> Also if I would like to prevent issuance of a token unless they are matched by a user transform, how could I go about doing that. Kind of like a catch-all. Would you recommend the regex here as well, or might there be a better way?

@sandstormkeshav, I would probably use no regex match email REGEX_PATTERN
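
A note on the regex approach suggested in this thread, as an added example that is not part of the thread or of the project's code: when a regex decides who gets a role or who is blocked, the pattern for a list of addresses should be escaped and anchored. The sketch below assumes the pattern is evaluated with Go's `regexp` search semantics (a match anywhere in the string unless `^` and `$` are written); the function names and sample addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// AllowlistPattern builds one anchored regex that matches exactly the given
// addresses: QuoteMeta makes "." literal, and ^(?:...)$ forbids any extra
// characters before or after the address.
func AllowlistPattern(emails []string) string {
	quoted := make([]string, len(emails))
	for i, e := range emails {
		quoted[i] = regexp.QuoteMeta(strings.TrimSpace(e))
	}
	return "^(?:" + strings.Join(quoted, "|") + ")$"
}

// Matches reports whether pattern matches anywhere in email
// (Go's default, unanchored search).
func Matches(pattern, email string) bool {
	return regexp.MustCompile(pattern).MatchString(email)
}

func main() {
	allowed := []string{"bob@example.com", "alice@example.org"} // constructed sample
	naive := strings.Join(allowed, "|")                         // unescaped, unanchored
	strict := AllowlistPattern(allowed)
	fmt.Println("pattern to use as REGEX_PATTERN:", strict)
	for _, e := range []string{
		"bob@example.com",
		"alice@example.org",
		"notbob@example.com",        // extra prefix
		"alice@example.org.invalid", // extra suffix
		"bob@exampleXcom",           // "." treated as a wildcard
	} {
		fmt.Printf("%-28s naive=%-5v strict=%v\n", e, Matches(naive, e), Matches(strict, e))
	}
}
```

With the naive pattern, the last three addresses are treated the same as the two intended ones; with the anchored pattern only the two listed addresses match.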
