Merge pull request #67 from github/primetheus/aad-upn-map

Azure AD UPN mapping
2021-03-24 17:24:01 -04:00 · 2021-03-24 17:24:01 -04:00 · ff43e8cd9b
--- a/.env.example.aad
+++ b/.env.example.aad
@ -34,6 +34,15 @@ AZURE_APP_SCOPE=".default"
 AZURE_API_ENDPOINT="https://graph.microsoft.com/v1.0"
 ## Custom attribute for usernames
 AZURE_USERNAME_ATTRIBUTE=userPrincipalName
+## If we don't have a custom username attribute, we'll
+## need to make sure the username matches what's in
+## GitHub. This will take the UPN and split the
+## string on "@", making user@example.com just "user"
+## in order to match GitHub.
+## This should not be necessary if you add a new
+## attribute for user mapping
+## Default: false
+#AZURE_USER_IS_UPN=true

 #########################
 ## Additional settings ##
--- a/README.md
+++ b/README.md
@ -157,6 +157,7 @@ AZURE_CLIENT_SECRET="<client_secret>"
 AZURE_APP_SCOPE="default"
 AZURE_API_ENDPOINT="https://graph.microsoft.com/v1.0"
 AZURE_USERNAME_ATTRIBUTE=userPrincipalName
+AZURE_USER_IS_UPN=true
 ```

 ### Sample `.env` for Okta
--- a/githubapp/azuread.py
+++ b/githubapp/azuread.py
@ -1,7 +1,7 @@
 import os
 import json
 import logging
-
+from distutils.util import strtobool
 import requests
 import msal

@ -21,8 +21,13 @@ class AzureAD:
            f"https://graph.microsoft.com/{x}"
            for x in os.environ["AZURE_APP_SCOPE"].split(" ")
        ]
-        self.AZURE_API_ENDPOINT = os.environ["AZURE_API_ENDPOINT"]
-        self.USERNAME_ATTRIBUTE = os.environ["AZURE_USERNAME_ATTRIBUTE"]
+        self.AZURE_API_ENDPOINT = os.environ.get(
+            "AZURE_API_ENDPOINT", "https://graph.microsoft.com/v1.0"
+        )
+        self.USERNAME_ATTRIBUTE = os.environ.get(
+            "AZURE_USERNAME_ATTRIBUTE", "userPrincipalName"
+        )
+        self.AZURE_USER_IS_UPN = strtobool(os.environ.get("AZURE_USER_IS_UPN", "False"))

    def get_access_token(self):
        """
@ -77,10 +82,16 @@ class AzureAD:
        ).json()["value"]
        for member in members:
            user_info = self.get_user_info(token=token, user=member["id"])
-            user = {
-                "username": user_info[self.USERNAME_ATTRIBUTE],
-                "email": user_info["mail"],
-            }
+            if self.AZURE_USER_IS_UPN:
+                user = {
+                    "username": user_info[self.USERNAME_ATTRIBUTE].split("@")[0],
+                    "email": user_info["mail"],
+                }
+            else:
+                user = {
+                    "username": user_info[self.USERNAME_ATTRIBUTE],
+                    "email": user_info["mail"],
+                }
            member_list.append(user)
        return member_list

--- a/githubapp/onelogin.py
+++ b/githubapp/onelogin.py
@ -7,11 +7,7 @@ class OneLogin:
        CLIENT_ID = os.environ["ONELOGIN_CLIENT_ID"]
        CLIENT_SECRET = os.environ["ONELOGIN_CLIENT_SECRET"]
        REGION = os.environ.get("ONELOGIN_REGION", "US").upper()
-        self.client = OneLoginClient(
-            CLIENT_ID,
-            CLIENT_SECRET,
-            REGION
-        )
+        self.client = OneLoginClient(CLIENT_ID, CLIENT_SECRET, REGION)

    def get_group_members(self, group_name=None):
        """