From 2bc4704db174ade4918fc04a9034966e2a384448 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20G=C3=BCnther?=
Date: Mon, 14 Oct 2024 21:28:45 +0200
Subject: [PATCH] Configuration mapper
---
 .../openid_connect/configuration_mapper.rb | 58 ++++++-------------
 .../services/openid_connect/sync_service.rb | 21 ++-----
 2 files changed, 22 insertions(+), 57 deletions(-)
diff --git a/modules/openid_connect/app/services/openid_connect/configuration_mapper.rb b/modules/openid_connect/app/services/openid_connect/configuration_mapper.rb
index 748745546989..59ad4826a0ce 100644
--- a/modules/openid_connect/app/services/openid_connect/configuration_mapper.rb
+++ b/modules/openid_connect/app/services/openid_connect/configuration_mapper.rb
@@ -26,7 +26,7 @@
 # See COPYRIGHT and LICENSE files for more details.
 #++
-module Saml
+module OpenIDConnect
 class ConfigurationMapper
 attr_reader :configuration
@@ -36,60 +36,38 @@ def initialize(configuration)
 def call!
 options = mapped_options(configuration.deep_stringify_keys)
+ {
- "options" => options,
 "slug" => options.delete("name"),
- "display_name" => options.delete("display_name") || "SAML"
+ "display_name" => options.delete("display_name") || "OpenID Connect",
+ "oidc_provider" => "custom",
+ "client_id" => options["identifier"],
+ "client_secret" => options["secret"],
+ "issuer" => options["issuer"],
+ "authorization_endpoint" => options["authorization_endpoint"],
+ "token_endpoint" => options["token_endpoint"],
+ "userinfo_endpoint" => options["userinfo_endpoint"],
+ "end_session_endpoint" => options["end_session_endpoint"],
+ "jwks_uri" => options["jwks_uri"]
 }
 end
 private
 def mapped_options(options)
- options["idp_sso_service_url"] ||= options.delete("idp_sso_target_url")
- options["idp_slo_service_url"] ||= options.delete("idp_slo_target_url")
- options["sp_entity_id"] ||= options.delete("issuer")
-
- build_idp_cert(options)
- extract_security_options(options)
 extract_mapping(options)
 options.compact
 end
 def extract_mapping(options)
- return unless options["attribute_statements"]
-
- options["mapping_login"] = extract_mapping_attribute(options, "login")
- options["mapping_mail"] = extract_mapping_attribute(options, "email")
- options["mapping_firstname"] = extract_mapping_attribute(options, "first_name")
- options["mapping_lastname"] = extract_mapping_attribute(options, "last_name")
- options["mapping_uid"] = extract_mapping_attribute(options, "uid")
- end
-
- def extract_mapping_attribute(options, key)
- value = options["attribute_statements"][key]
-
- if value.present?
- Array(value).join("\n")
- end
- end
-
- def build_idp_cert(options)
- if options["idp_cert"]
- options["idp_cert"] = OneLogin::RubySaml::Utils.format_cert(options["idp_cert"])
- elsif options["idp_cert_multi"]
- options["idp_cert"] = options["idp_cert_multi"]["signing"]
- .map { |cert| OneLogin::RubySaml::Utils.format_cert(cert) }
- .join("\n")
- end
- end
-
- def extract_security_options(options)
- return unless options["security"]
+ return unless options["attribute_map"]
- options.merge! options["security"].slice("authn_requests_signed", "want_assertions_signed",
- "want_assertions_encrypted", "digest_method", "signature_method")
+ options["mapping_login"] = options["attribute_map"]["login"]
+ options["mapping_mail"] = options["attribute_map"]["email"]
+ options["mapping_firstname"] = options["attribute_map"]["first_name"]
+ options["mapping_lastname"] = options["attribute_map"]["last_name"]
+ options["mapping_uid"] = options["attribute_map"]["uid"]
 end
 end
 end
diff --git a/modules/openid_connect/app/services/openid_connect/sync_service.rb b/modules/openid_connect/app/services/openid_connect/sync_service.rb
index 368bdbc5ef0b..73e5d5e8bcfa 100644
--- a/modules/openid_connect/app/services/openid_connect/sync_service.rb
+++ b/modules/openid_connect/app/services/openid_connect/sync_service.rb
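Review bot: The `mapping_*` values that `extract_mapping` writes into `options` never reach the hash `call!` returns: the `"options" => options` entry was removed and the new literal lists only slug, display_name, oidc_provider, client_id, client_secret, issuer, the four endpoints and jwks_uri, so a configured `attribute_map` is computed and then discarded. If the provider is meant to receive the mapping, append it to the result, e.g. close the literal with `}.merge(options.slice("mapping_login", "mapping_mail", "mapping_firstname", "mapping_lastname", "mapping_uid"))`; otherwise `extract_mapping` and the `options.compact` in `mapped_options` are dead code and should go. The guard `return unless options["attribute_map"]` also lets a mis-shaped value through: an Array from the configuration raises TypeError on `["login"]`, so `return unless options["attribute_map"].is_a?(Hash)` would fail more clearly. Whether `Providers::CreateService` accepts the mapping keys is not visible in this patch.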
@@ -32,34 +32,21 @@ class SyncService
 def initialize(name, configuration)
 @name = name
- @provider_attributes =
- {
- "slug" => name,
- "oidc_provider" => "custom",
- "display_name" => configuration["display_name"],
- "client_id" => configuration["identifier"],
- "client_secret" => configuration["secret"],
- "issuer" => configuration["issuer"],
- "authorization_endpoint" => configuration["authorization_endpoint"],
- "token_endpoint" => configuration["token_endpoint"],
- "userinfo_endpoint" => configuration["userinfo_endpoint"],
- "end_session_endpoint" => configuration["end_session_endpoint"],
- "jwks_uri" => configuration["jwks_uri"]
- }
+ @configuration = ::OpenIDConnect::ConfigurationMapper.new(configuration).call!
 end
- def call
+ def call # rubocop:disable Metrics/AbcSize
 provider = ::OpenIDConnect::Provider.find_by(slug: name)
 if provider
 ::OpenIDConnect::Providers::UpdateService
 .new(model: provider, user: User.system)
- .call(@provider_attributes)
+ .call(@configuration)
 .on_success { |call| call.message = "Successfully updated OpenID provider #{name}." }
 .on_failure { |call| call.message = "Failed to update OpenID provider: #{call.message}" }
 else
 ::OpenIDConnect::Providers::CreateService
 .new(user: User.system)
- .call(@provider_attributes)
+ .call(@configuration)
 .on_success { |call| call.message = "Successfully created OpenID provider #{name}." }
 .on_failure { |call| call.message = "Failed to create OpenID provider: #{call.message}" }
 end
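Review bot: The slug written to the provider is no longer the `name` argument: the removed hash set `"slug" => name`, while the mapper now takes it from `configuration["name"]`, yet `call` still looks the provider up with `find_by(slug: name)`, so a configuration without a `name` key (or with a different one) creates a provider under a nil or mismatched slug that the next sync never finds and creates again. Pinning the slug to the argument keeps lookup and write consistent, e.g. `@configuration = ::OpenIDConnect::ConfigurationMapper.new(configuration).call!.merge("slug" => name)`. Whether every caller places `name` inside `configuration` is not visible from this hunk, and `def call` continues past its end.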