Allow setting an explicit upstream account name

Author: sandhose

crates/cli/src/commands/manage.rs

@@ -955,9 +955,10 @@ impl UserCreationRequest<'_> {
         }
 
         for (provider, subject) in upstream_provider_mappings {
+            // Note that we don't pass a human_account_name here, as we don't ask for it
             let link = repo
                 .upstream_oauth_link()
-                .add(rng, clock, provider, subject)
+                .add(rng, clock, provider, subject, None)
                 .await?;
 
             repo.upstream_oauth_link()

crates/cli/src/sync.rs

@@ -67,6 +67,9 @@ fn map_claims_imports(
                 mas_data_model::UpsreamOAuthProviderSetEmailVerification::Import
             }
         },
+        account_name: mas_data_model::UpstreamOAuthProviderSubjectPreference {
+            template: config.account_name.template.clone(),
+        },
     }
 }
 

crates/config/src/sections/upstream_oauth2.rs

@@ -285,6 +285,23 @@ impl EmailImportPreference {
     }
 }
 
+/// What should be done for the account name attribute
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default, JsonSchema)]
+pub struct AccountNameImportPreference {
+    /// The Jinja2 template to use for the account name. This name is only used
+    /// for display purposes.
+    ///
+    /// If not provided, it will be ignored.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub template: Option<String>,
+}
+
+impl AccountNameImportPreference {
+    const fn is_default(&self) -> bool {
+        self.template.is_none()
+    }
+}
+
 /// How claims should be imported
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default, JsonSchema)]
 pub struct ClaimsImports {
@@ -307,6 +324,13 @@ pub struct ClaimsImports {
     /// `email_verified` claims
     #[serde(default, skip_serializing_if = "EmailImportPreference::is_default")]
     pub email: EmailImportPreference,
+
+    /// Set a human-readable name for the upstream account for display purposes
+    #[serde(
+        default,
+        skip_serializing_if = "AccountNameImportPreference::is_default"
+    )]
+    pub account_name: AccountNameImportPreference,
 }
 
 impl ClaimsImports {

crates/data-model/src/upstream_oauth2/link.rs

@@ -14,5 +14,6 @@ pub struct UpstreamOAuthLink {
     pub provider_id: Ulid,
     pub user_id: Option<Ulid>,
     pub subject: String,
+    pub human_account_name: Option<String>,
     pub created_at: DateTime<Utc>,
 }

crates/data-model/src/upstream_oauth2/provider.rs

@@ -301,10 +301,14 @@ pub struct ClaimsImports {
     #[serde(default)]
     pub email: ImportPreference,
 
+    #[serde(default)]
+    pub account_name: SubjectPreference,
+
     #[serde(default)]
     pub verify_email: SetEmailVerification,
 }
 
+// XXX: this should have another name
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default)]
 pub struct SubjectPreference {
     #[serde(default)]

crates/handlers/src/upstream_oauth2/callback.rs

@@ -359,7 +359,7 @@ pub(crate) async fn handler(
         .as_deref()
         .unwrap_or("{{ user.sub }}");
     let subject = env
-        .render_str(template, context)
+        .render_str(template, context.clone())
         .map_err(RouteError::ExtractSubject)?;
 
     if subject.is_empty() {
@@ -375,8 +375,26 @@ pub(crate) async fn handler(
     let link = if let Some(link) = maybe_link {
         link
     } else {
+        // Try to render the human account name if we have one,
+        // but just log if it fails
+        let human_account_name = provider
+            .claims_imports
+            .account_name
+            .template
+            .as_deref()
+            .and_then(|template| match env.render_str(template, context) {
+                Ok(name) => Some(name),
+                Err(e) => {
+                    tracing::warn!(
+                        error = &e as &dyn std::error::Error,
+                        "Failed to render account name"
+                    );
+                    None
+                }
+            });
+
         repo.upstream_oauth_link()
-            .add(&mut rng, &clock, &provider, subject)
+            .add(&mut rng, &clock, &provider, subject, human_account_name)
             .await?
     };
 

crates/handlers/src/upstream_oauth2/link.rs

@@ -332,7 +332,7 @@ pub(crate) async fn get(
                 .await?
                 .ok_or(RouteError::ProviderNotFound)?;
 
-            let ctx = UpstreamRegister::default();
+            let ctx = UpstreamRegister::new(link.clone(), provider.clone());
 
             let env = environment();
 
@@ -596,7 +596,7 @@ pub(crate) async fn post(
                 .map_or(false, |v| v == "true");
 
             // Create a template context in case we need to re-render because of an error
-            let ctx = UpstreamRegister::default();
+            let ctx = UpstreamRegister::new(link.clone(), provider.clone());
 
             let display_name = if provider
                 .claims_imports
@@ -954,7 +954,13 @@ mod tests {
 
         let link = repo
             .upstream_oauth_link()
-            .add(&mut rng, &state.clock, &provider, "subject".to_owned())
+            .add(
+                &mut rng,
+                &state.clock,
+                &provider,
+                "subject".to_owned(),
+                None,
+            )
             .await
             .unwrap();