From 9ed10ef1d314550da7f857933e5aa3f2747da0bb Mon Sep 17 00:00:00 2001 From: Steve Breker Date: Wed, 25 Sep 2024 09:35:49 -0700 Subject: [PATCH] Remove uppercase logic from oidc_auth Remove automatic conversion of provider names to uppercase from get_oidc_secondary_providers(). Update the OIDC middleware to convert the secondary provider name to uppercase before validation. --- src/dashboard/src/middleware/common.py | 4 ++- .../src/settings/components/oidc_auth.py | 28 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/src/dashboard/src/middleware/common.py b/src/dashboard/src/middleware/common.py index 7fde2d3f9f..9f5b6ec0e0 100644 --- a/src/dashboard/src/middleware/common.py +++ b/src/dashboard/src/middleware/common.py @@ -131,7 +131,9 @@ def __init__(self, get_response): def __call__(self, request): if not request.user.is_authenticated: # Capture query parameter value and store it in the session. - provider_name = request.GET.get(settings.OIDC_PROVIDER_QUERY_PARAM_NAME) + provider_name = request.GET.get( + settings.OIDC_PROVIDER_QUERY_PARAM_NAME, "" + ).upper() if provider_name and provider_name in settings.OIDC_PROVIDERS: request.session["providername"] = provider_name diff --git a/src/dashboard/src/settings/components/oidc_auth.py b/src/dashboard/src/settings/components/oidc_auth.py index b0d3908b6d..1a15be2359 100644 --- a/src/dashboard/src/settings/components/oidc_auth.py +++ b/src/dashboard/src/settings/components/oidc_auth.py 
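Review bot: The `.upper()` added in `__call__` only finds a match if every key of `settings.OIDC_PROVIDERS` is uppercase, yet this same commit stops `get_oidc_secondary_providers()` (the oidc_auth.py hunk) from uppercasing the names it uses as dict keys and env-var suffixes. Unless the caller uppercases the configured list before passing it in, which this diff does not show, a provider configured as `azure` (constructed example) would be registered under `azure` while the middleware looks up `AZURE`, and the request would silently fail to select it. I would state the invariant where it is relied on, e.g. `# OIDC_PROVIDERS keys are uppercase (normalised where the provider list is read), so the query value is uppercased to match.`, and log when a supplied provider name is rejected so a misconfiguration is visible. `__call__` continues past the end of the hunk.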
@@ -2,27 +2,25 @@ def get_oidc_secondary_providers(oidc_secondary_provider_names): + """Build secondary OIDC provider details dict. Takes a list of secondary + OIDC providers and gathers details about these providers from env vars. + Output dict contains details for each OIDC connection which can then be + referenced by name. + """ + providers = {} for provider_name in oidc_secondary_provider_names: provider_name = provider_name.strip() - client_id = os.environ.get(f"OIDC_RP_CLIENT_ID_{provider_name.upper()}") - client_secret = os.environ.get(f"OIDC_RP_CLIENT_SECRET_{provider_name.upper()}") + client_id = os.environ.get(f"OIDC_RP_CLIENT_ID_{provider_name}") + client_secret = os.environ.get(f"OIDC_RP_CLIENT_SECRET_{provider_name}") authorization_endpoint = os.environ.get( - f"OIDC_OP_AUTHORIZATION_ENDPOINT_{provider_name.upper()}", "" - ) - token_endpoint = os.environ.get( - f"OIDC_OP_TOKEN_ENDPOINT_{provider_name.upper()}", "" - ) - user_endpoint = os.environ.get( - f"OIDC_OP_USER_ENDPOINT_{provider_name.upper()}", "" - ) - jwks_endpoint = os.environ.get( - f"OIDC_OP_JWKS_ENDPOINT_{provider_name.upper()}", "" - ) - logout_endpoint = os.environ.get( - f"OIDC_OP_LOGOUT_ENDPOINT_{provider_name.upper()}", "" + f"OIDC_OP_AUTHORIZATION_ENDPOINT_{provider_name}", "" ) + token_endpoint = os.environ.get(f"OIDC_OP_TOKEN_ENDPOINT_{provider_name}", "") + user_endpoint = os.environ.get(f"OIDC_OP_USER_ENDPOINT_{provider_name}", "") + jwks_endpoint = os.environ.get(f"OIDC_OP_JWKS_ENDPOINT_{provider_name}", "") + logout_endpoint = os.environ.get(f"OIDC_OP_LOGOUT_ENDPOINT_{provider_name}", "") if client_id and client_secret: providers[provider_name] = {
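Review bot: The registration guard `if client_id and client_secret:` ignores the endpoint values, which all default to `""` here, so a provider whose `OIDC_OP_JWKS_ENDPOINT_{provider_name}` or `OIDC_OP_TOKEN_ENDPOINT_{provider_name}` variable is missing or misspelled is still added to the dict with empty URLs. Now that the suffix is case-sensitive, that kind of mismatch is easier to hit. Consider requiring the endpoints the login flow needs, `if client_id and client_secret and authorization_endpoint and token_endpoint and jwks_endpoint:`, or failing at settings load with a message that names the missing variable; which endpoints are truly optional is not visible from this hunk. The new docstring could also say that the env-var suffix must match the provider name exactly, including case. The function body continues beyond the hunk.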