Merge pull request #67 from github/primetheus/aad-upn-map

Azure AD UPN mapping
3rd-party-integrations · Mar 24, 2021 · ff43e8c · ff43e8c
2 parents d1b07f9 + ca1eae6
commit ff43e8c
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 12 deletions.
diff --git a/.env.example.aad b/.env.example.aad
@@ -34,6 +34,15 @@ AZURE_APP_SCOPE=".default"
 AZURE_API_ENDPOINT="https://graph.microsoft.com/v1.0"
 ## Custom attribute for usernames
 AZURE_USERNAME_ATTRIBUTE=userPrincipalName
+## If we don't have a custom username attribute, we'll
+## need to make sure the username matches what's in
+## GitHub. This will take the UPN and split the
+## string on "@", making [email protected] just "user"
+## in order to match GitHub.
+## This should not be necessary if you add a new
+## attribute for user mapping
+## Default: false
+#AZURE_USER_IS_UPN=true
 
 #########################
 ## Additional settings ##

diff --git a/README.md b/README.md
@@ -157,6 +157,7 @@ AZURE_CLIENT_SECRET="<client_secret>"
 AZURE_APP_SCOPE="default"
 AZURE_API_ENDPOINT="https://graph.microsoft.com/v1.0"
 AZURE_USERNAME_ATTRIBUTE=userPrincipalName
+AZURE_USER_IS_UPN=true
 ```
 
 ### Sample `.env` for Okta

diff --git a/githubapp/azuread.py b/githubapp/azuread.py
@@ -1,7 +1,7 @@
 import os
 import json
 import logging
-
+from distutils.util import strtobool
 import requests
 import msal
 
@@ -21,8 +21,13 @@ def __init__(self):
             f"https://graph.microsoft.com/{x}"
             for x in os.environ["AZURE_APP_SCOPE"].split(" ")
         ]
-        self.AZURE_API_ENDPOINT = os.environ["AZURE_API_ENDPOINT"]
-        self.USERNAME_ATTRIBUTE = os.environ["AZURE_USERNAME_ATTRIBUTE"]
+        self.AZURE_API_ENDPOINT = os.environ.get(
+            "AZURE_API_ENDPOINT", "https://graph.microsoft.com/v1.0"
+        )
+        self.USERNAME_ATTRIBUTE = os.environ.get(
+            "AZURE_USERNAME_ATTRIBUTE", "userPrincipalName"
+        )
+        self.AZURE_USER_IS_UPN = strtobool(os.environ.get("AZURE_USER_IS_UPN", "False"))
 
     def get_access_token(self):
         """
@@ -77,10 +82,16 @@ def get_group_members(self, token=None, group_name=None):
         ).json()["value"]
         for member in members:
             user_info = self.get_user_info(token=token, user=member["id"])
-            user = {
-                "username": user_info[self.USERNAME_ATTRIBUTE],
-                "email": user_info["mail"],
-            }
+            if self.AZURE_USER_IS_UPN:
+                user = {
+                    "username": user_info[self.USERNAME_ATTRIBUTE].split("@")[0],
+                    "email": user_info["mail"],
+                }
+            else:
+                user = {
+                    "username": user_info[self.USERNAME_ATTRIBUTE],
+                    "email": user_info["mail"],
+                }
             member_list.append(user)
         return member_list
 

diff --git a/githubapp/onelogin.py b/githubapp/onelogin.py
@@ -7,11 +7,7 @@ def __init__(self):
         CLIENT_ID = os.environ["ONELOGIN_CLIENT_ID"]
         CLIENT_SECRET = os.environ["ONELOGIN_CLIENT_SECRET"]
         REGION = os.environ.get("ONELOGIN_REGION", "US").upper()
-        self.client = OneLoginClient(
-            CLIENT_ID,
-            CLIENT_SECRET,
-            REGION
-        )
+        self.client = OneLoginClient(CLIENT_ID, CLIENT_SECRET, REGION)
 
     def get_group_members(self, group_name=None):
         """