Reordering available tenancies
Reordering available tenancies
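/**
 * Custom middleware that puts the `infosec` group first for the `admin` user.
 *
 * Three login paths are handled before a session exists (login form,
 * SAML/OIDC transient JWT, proxy header); each sets the `defaultGroup`
 * query parameter on the request. Once identity metadata is present and the
 * request targets `/pkp/api/info`, the session's `availableGroups` list is
 * re-sorted so that `infosec` comes first.
 *
 * Security notes for maintainers:
 * - The username, the JWT `user` claim and the `x-forwarded-user` header are
 *   all read before authentication is visible in this function. They are
 *   used only to set a default group here and must not be used for access
 *   decisions.
 * - NOTE(review): what `setQuery('defaultGroup', ...)` changes downstream is
 *   not visible from this snippet. Confirm it cannot select a group the
 *   authenticated user is not a member of.
 *
 * @param {object} req - Incoming request; `req.rorRequest` and `req.headers` are read.
 * @param {object} res - Response object (unused).
 * @param {Function} next - Continuation callback; its return value is returned.
 * @returns {Promise<*>} Whatever `next()` returns.
 */
async function customMiddleware(req, res, next) {
  const defaultGroup = 'infosec';
  const privilegedUser = 'admin';
  const X_FORWARDED_USER = 'x-forwarded-user';

  const rorRequest = req.rorRequest;
  if (!rorRequest) {
    // Nothing to inspect or enrich. The original dereferenced rorRequest
    // unconditionally further down and threw a TypeError in this case.
    return next();
  }

  const userRequest = await rorRequest.getUserRequestIdentity();
  const metadata = userRequest && userRequest.metadata;

  if (rorRequest.getPath() === '/login' && rorRequest.getMethod() === 'post') {
    const body = rorRequest.getBody() || {};

    // For the login form
    if (body.username === privilegedUser) {
      rorRequest.setQuery('defaultGroup', defaultGroup);
    }

    // For the SAML/OIDC login
    const token = body.conn_svc_transient_jwt;
    if (typeof token === 'string') {
      // The payload segment is only base64-decoded, its signature is NOT
      // checked here, so `user` is an unverified claim at this point.
      // NOTE(review): confirm the token is validated downstream before a
      // session is created.
      let claims = null;
      try {
        claims = JSON.parse(Buffer.from(token.split('.')[1] || '', 'base64').toString());
      } catch (err) {
        // Malformed token: skip the default-group hint and let the real login
        // handler reject it, instead of failing the whole request here.
        claims = null;
      }
      if (claims && claims.user === privilegedUser) {
        rorRequest.setQuery('defaultGroup', defaultGroup);
      }
    }
  }

  // For the Proxy authorization
  // NOTE(review): this header is client-controllable unless the fronting
  // proxy strips or overwrites it. Confirm the proxy configuration.
  const forwardedUser = req.headers && req.headers[X_FORWARDED_USER];
  if (!metadata && forwardedUser === privilegedUser) {
    rorRequest.setQuery('defaultGroup', defaultGroup);
  }

  if (metadata && rorRequest.getPath() === '/pkp/api/info') {
    const availableGroups = metadata.availableGroups;
    const hasDefaultGroup =
      Array.isArray(availableGroups) &&
      availableGroups.some(availableGroup => availableGroup.id === defaultGroup);

    if (hasDefaultGroup) {
      // Copy before sorting so the identity metadata is not mutated in place.
      // The comparator is symmetric and relies on a stable sort to keep the
      // remaining groups in their original order.
      const reorderedGroups = [...availableGroups].sort(
        (a, b) => Number(b.id === defaultGroup) - Number(a.id === defaultGroup)
      );
      rorRequest.enrichIdentitySessionMetadata({ availableGroups: reorderedGroups });
    }
  }

  return next();
}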