caddy-security
question: Add multiple emails to a user transform
I would like to add multiple emails within a user transform block. This would be useful for giving multiple email addresses the same role. Is this possible?
Yes, please read https://authp.github.io/docs/authenticate/user-transforms and experiment with regex patterns. The conditional match is based on https://authp.github.io/docs/authorize/acl-rbac#conditions
There is also a way to have multiple match statements and then say match any of them. However, I don't remember how I did it. It is probably something like this.
match email1@foo
match email2@bar
default match any
Thank you, I will try the regex patterns and report back. I was not aware of the "default match any" statement. Can this be found in the docs?
Also, if I would like to prevent issuance of a token unless they are matched by a user transform, how could I go about doing that? Kind of like a catch-all. Would you recommend the regex here as well, or might there be a better way?
transform user {
    match realm google
    no match email [email protected]
    block
}
Thank you very much!
I formatted a space-separated list of allowed emails like this, though I couldn't find documentation suggesting a line continuation syntax for Caddyfile.
match email \
[email protected] \
[email protected]
@qrkourier, idk.
One thing that comes to mind is creating a function.
(block_user) {
    transform user {
        match realm {args[0]}
        match email {args[1]}
        block
    }
}
Then use it.
# Caddyfile snippets are invoked with the import directive
import block_user google [email protected]
import block_user google [email protected]
Which would result in:
transform user {
    match realm google
    match email [email protected]
    block
}
Hope this helps.
Also, if I would like to prevent issuance of a token unless they are matched by a user transform, how could I go about doing that? Kind of like a catch-all. Would you recommend the regex here as well, or might there be a better way?
@sandstormkeshav, I would probably use no regex match email REGEX_PATTERN
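An added example, not from this thread or the caddy-security project: when one regex stands in for several email matches, as suggested above, the pattern needs anchors and escaped dots, otherwise it also accepts addresses that merely contain an allowed one. It assumes the regex condition takes Go regular-expression syntax (an assumption, based on the plugin being written in Go); the addresses are constructed, and `AllowlistPattern` and `Matches` are hypothetical helper names.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// AllowlistPattern (hypothetical helper) builds one anchored regular expression
// that matches exactly the given addresses and nothing else.
func AllowlistPattern(emails []string) (string, error) {
	quoted := make([]string, 0, len(emails))
	for _, e := range emails {
		if e = strings.TrimSpace(e); e != "" {
			quoted = append(quoted, regexp.QuoteMeta(e)) // "." must not mean "any character"
		}
	}
	if len(quoted) == 0 {
		return "", errors.New("empty allowlist: the pattern would match the empty string")
	}
	sort.Strings(quoted) // stable output keeps config diffs small
	return "^(?:" + strings.Join(quoted, "|") + ")$", nil
}

// Matches reports whether email satisfies pattern.
func Matches(pattern, email string) bool {
	return regexp.MustCompile(pattern).MatchString(email)
}

func main() {
	// Constructed sample addresses under reserved example domains.
	allowed := []string{"alice@example.com", "bob@example.org"}
	strict, err := AllowlistPattern(allowed)
	if err != nil {
		panic(err)
	}
	naive := strings.Join(allowed, "|") // unanchored, dots unescaped
	fmt.Println("pattern:", strict)
	for _, addr := range []string{
		"alice@example.com",
		"alice@example.com.other.test", // allowed address plus a suffix
		"mallory+alice@example.com",    // allowed address plus a prefix
		"alice@exampleXcom",            // "." treated as a wildcard
	} {
		fmt.Printf("%-30s naive=%-5v strict=%v\n", addr, Matches(naive, addr), Matches(strict, addr))
	}
}
```

The string printed as `pattern:` is what would take the place of REGEX_PATTERN in the reply above.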