[PR #2633] [CLOSED] Fix: Populate user name from email prefix if OIDC username is invalid #2771

New Issue

adam · 2025-12-29T04:18:55+01:00

adam commented

2025-12-29 04:18:55 +01:00

📋 Pull Request Information

Original PR: https://github.com/juanfont/headscale/pull/2633
Author: @0xlilim
Created: 5/28/2025
Status: ❌ Closed

Base: main ← Head: main

📝 Commits (3)

243112b Fix: Populate user name from email prefix if OIDC username is invalid
c4062c4 Fix: Improve OIDC username fallback and email parsing
daccf72 Fix: Improve OIDC username fallback, email parsing, and code clarity ;)

📊 Changes

1 file changed (+33 additions, -6 deletions)

View changed files

📝 hscontrol/types/users.go (+33 -6)

📄 Description

Fixed: Populate user name from email prefix if OIDC username is invalid.

When a user authenticates via OIDC and the preferred_username claim
(mapped to claims.Username) contains characters disallowed by
util.ValidateUsername (e.g., CJK characters), the User.Name field
would remain empty. This resulted in an empty 'Name' column in the
headscale user list output for such users.

This commit modifies the User.FromClaim method in
hscontrol/types/users.go to address this issue. If claims.Username
is empty or fails validation, the method now attempts to extract the
prefix from claims.Email (the part before '@'). If this extracted
prefix is valid according to util.ValidateUsername, it is used as
the User.Name.

This ensures that a valid username is populated when possible, even if
the OIDC preferred_username is not directly usable, improving the
user experience and data consistency.

[x ] have read the CONTRIBUTING.md file
raised a GitHub issue or discussed it on the projects chat beforehand
added unit tests
added integration tests
updated documentation if needed
updated CHANGELOG.md

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/juanfont/headscale/pull/2633 **Author:** [@0xlilim](https://github.com/0xlilim) **Created:** 5/28/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (3) - [`243112b`](https://github.com/juanfont/headscale/commit/243112bc6e23f97c28a1d664a2ac0ed4c5c0bd4c) Fix: Populate user name from email prefix if OIDC username is invalid - [`c4062c4`](https://github.com/juanfont/headscale/commit/c4062c425dfb2e1dbf75712057546429e7c86dbe) Fix: Improve OIDC username fallback and email parsing - [`daccf72`](https://github.com/juanfont/headscale/commit/daccf722f91be3f11afe72db3f04bc84f49e0342) Fix: Improve OIDC username fallback, email parsing, and code clarity ;) ### 📊 Changes **1 file changed** (+33 additions, -6 deletions) <details> <summary>View changed files</summary> 📝 `hscontrol/types/users.go` (+33 -6) </details> ### 📄 Description **Fixed: Populate user name from email prefix if OIDC username is invalid.** When a user authenticates via OIDC and the `preferred_username` claim (mapped to `claims.Username`) contains characters disallowed by `util.ValidateUsername` (e.g., CJK characters), the `User.Name` field would remain empty. This resulted in an empty 'Name' column in the `headscale user list` output for such users. This commit modifies the `User.FromClaim` method in `hscontrol/types/users.go` to address this issue. If `claims.Username` is empty or fails validation, the method now attempts to extract the prefix from `claims.Email` (the part before '@'). If this extracted prefix is valid according to `util.ValidateUsername`, it is used as the `User.Name`. This ensures that a valid username is populated when possible, even if the OIDC `preferred_username` is not directly usable, improving the user experience and data consistency. - [x ] have read the [CONTRIBUTING.md](./CONTRIBUTING.md) file - [ ] raised a GitHub issue or discussed it on the projects chat beforehand - [ ] added unit tests - [ ] added integration tests - [ ] updated documentation if needed - [ ] updated CHANGELOG.md --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

adam added the pull-request label 2025-12-29 04:18:55 +01:00

adam closed this issue

2025-12-29 04:18:55 +01:00

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#2771