From ad0d4a40cb6d4336bcf9d0e7a46f757470fb06b4 Mon Sep 17 00:00:00 2001
From: Martin Jurk
Date: Thu, 3 Jul 2025 13:56:55 +0200
Subject: [PATCH 1/3] convert shell expression to regex url, provider name changed
---
 central/src/auth/authentik/provider.rs | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/central/src/auth/authentik/provider.rs b/central/src/auth/authentik/provider.rs
index 25041b5..440e316 100644
--- a/central/src/auth/authentik/provider.rs
+++ b/central/src/auth/authentik/provider.rs
@@ -23,8 +23,9 @@ pub async fn generate_provider_values(
 let mapping = FlowPropertymapping::new(conf).await?;
 let secret = (!oidc_client_config.is_public).then_some(secret);
+ let name = format!("provider for {}", client_id);
 let mut json = json!({
- "name": client_id,
+ "name": name,
 "client_id": client_id,
 "authorization_flow": mapping.authorization_flow,
 "invalidation_flow": mapping.invalidation_flow,
@@ -39,7 +40,7 @@ pub async fn generate_provider_values(
 .iter()
 .map(|url| {
 let (matching_mode, url) = if is_regex_uri(url) {
- ("regex".to_owned(), url.to_owned())
+ ("regex".to_owned(), convert_to_regex_url(url))
 } else {
 ("strict".to_owned(), url.to_owned())
 };
@@ -215,6 +216,20 @@ pub async fn check_set_federation_id(
 }
 fn is_regex_uri(uri: &str) -> bool {
- let regex_chars = ['^', '$', '*'];
+ let regex_chars = ['*'];
 uri.chars().any(|c| regex_chars.contains(&c))
+}
+
+fn convert_to_regex_url(uri: &str) -> String {
+ let mut result_uri = String::from("^");
+ for ch in uri.chars() {
+ match ch {
+ '.' => result_uri.push_str(r"\\."),
+ '*' => result_uri.push_str(".*"),
+ '?' => result_uri.push_str("."),
+ _ => result_uri.push(ch),
+ }
+ }
+ result_uri.push_str("$");
+ result_uri
 }
\ No newline at end of file
From 4d72aaf6a12f29af8481495d2d91112049437792 Mon Sep 17 00:00:00 2001
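Review bot: In the `.map(|url| …)` closure, every redirect URL containing `*` is now rewritten by `convert_to_regex_url`, including values that were written as real regexes under the old `^`/`$`/`*` detection (the earlier test fixture `^http://dkfz.verbis/*` is one such value). An entry like that gets a second `^`/`$` pair and its `*` changes from a quantifier into `.*`, so what it matches changes silently. I would state the new contract at the call site, e.g. `// redirect URLs are shell-style globs: '*' is the only wildcard, regex syntax is not accepted`, and reject or log entries that still begin with `^` or end with `$`. The closure belongs to `generate_provider_values`, whose body continues outside the hunk.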
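Review bot: `convert_to_regex_url` escapes only `.`, so any other regex metacharacter in a configured redirect URL (`+`, `(`, `[`, `|`, `\`, a leading `^`) is sent on as live pattern syntax under matching mode `regex`, and `?` is rewritten to `.`, which turns the query separator of a URL such as `https://host.example/cb?x=*` (constructed example) into "any character". For a redirect-URI allowlist the safer default is to treat everything except `*` as a literal; the same applies to the `'.'` arm that PATCH 2/3 touches again in `@@ -224,7 +224,7`. Note also that `.*` matches `/`, `@` and `#` as well, so a `*` placed in the host part accepts far more than a subdomain; consider rejecting `*` outside the path or documenting that restriction next to `is_regex_uri`. A version that escapes all metacharacters follows; `push('$')` also replaces the single-character `push_str`.

```rust
fn convert_to_regex_url(uri: &str) -> String {
    let mut result_uri = String::with_capacity(uri.len() + 2);
    result_uri.push('^');
    for ch in uri.chars() {
        match ch {
            // '*' is the only wildcard; it expands to "any run of characters"
            '*' => result_uri.push_str(".*"),
            // every other regex metacharacter is matched literally
            '.' | '+' | '?' | '(' | ')' | '[' | ']' | '{' | '}' | '|' | '\\' | '^' | '$' => {
                result_uri.push('\\');
                result_uri.push(ch);
            }
            _ => result_uri.push(ch),
        }
    }
    result_uri.push('$');
    result_uri
}
```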
From: Martin Jurk
Date: Thu, 3 Jul 2025 14:25:16 +0200
Subject: [PATCH 2/3] regex no json escape, provider need cleind_id as name
---
 central/src/auth/authentik/provider.rs | 6 +++---
 central/src/auth/authentik/test.rs | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/central/src/auth/authentik/provider.rs b/central/src/auth/authentik/provider.rs
index 440e316..d6334fa 100644
--- a/central/src/auth/authentik/provider.rs
+++ b/central/src/auth/authentik/provider.rs
@@ -23,9 +23,9 @@ pub async fn generate_provider_values(
 let mapping = FlowPropertymapping::new(conf).await?;
 let secret = (!oidc_client_config.is_public).then_some(secret);
- let name = format!("provider for {}", client_id);
+ let name = format!("Provider for {}", client_id); // not consistent at the moment
 let mut json = json!({
- "name": name,
+ "name": client_id,
 "client_id": client_id,
 "authorization_flow": mapping.authorization_flow,
 "invalidation_flow": mapping.invalidation_flow,
@@ -224,7 +224,7 @@ fn convert_to_regex_url(uri: &str) -> String {
 let mut result_uri = String::from("^");
 for ch in uri.chars() {
 match ch {
- '.' => result_uri.push_str(r"\\."),
+ '.' => result_uri.push_str(r"\."),
 '*' => result_uri.push_str(".*"),
 '?' => result_uri.push_str("."),
 _ => result_uri.push(ch),
diff --git a/central/src/auth/authentik/test.rs b/central/src/auth/authentik/test.rs
index 2d0d73d..8ae8bea 100644
--- a/central/src/auth/authentik/test.rs
+++ b/central/src/auth/authentik/test.rs
@@ -53,7 +53,8 @@ async fn test_create_client() -> anyhow::Result<()> {
 "http://foo/bar".into(),
 "http://verbis/test".into(),
 "http://dkfz/verbis/test".into(),
- "^http://dkfz.verbis/*".into(),
+ "http://dkfz.verbis/*".into(),
+ "https://e000-nb000.inet.dkfz-heidelberg.de/opal/*".into(),
 ],
 };
 let (SecretResult::Created(pw) | SecretResult::AlreadyExisted(pw)) =
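Review bot: The added fixture `https://e000-nb000.inet.dkfz-heidelberg.de/opal/*` looks like a real internal host name. Test data is better kept on a reserved name such as `https://opal.example.org/opal/*`, so the repository does not publish infrastructure names; the same line is added again in the second hunk, `@@ -77,7 +78,8`. Separately, these fixtures only feed `test_create_client`, so nothing pins the pattern that `convert_to_regex_url` produces. A plain unit test beside that function in provider.rs, e.g. `assert_eq!(convert_to_regex_url("http://dkfz.verbis/*"), r"^http://dkfz\.verbis/.*$");`, would catch escaping regressions like the one corrected in this commit. The enclosing test function extends beyond the hunk.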
@@ -77,7 +78,8 @@ async fn test_create_client() -> anyhow::Result<()> {
 "http://foo/bar".into(),
 "http://verbis/test".into(),
 "http://dkfz/verbis/test".into(),
- "^http://dkfz.verbis/*".into(),
+ "http://dkfz.verbis/*".into(),
+ "https://e000-nb000.inet.dkfz-heidelberg.de/opal/*".into(),
 ],
 };
 let (SecretResult::Created(pw) | SecretResult::AlreadyExisted(pw)) =
From ee2aa8850b8cc39234e0577b046b747bd247779e Mon Sep 17 00:00:00 2001
From: Martin Jurk
Date: Thu, 3 Jul 2025 14:48:14 +0200
Subject: [PATCH 3/3] not cheanged provider name
---
 central/src/auth/authentik/provider.rs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/central/src/auth/authentik/provider.rs b/central/src/auth/authentik/provider.rs
index d6334fa..e2893dd 100644
--- a/central/src/auth/authentik/provider.rs
+++ b/central/src/auth/authentik/provider.rs
@@ -23,7 +23,6 @@ pub async fn generate_provider_values(
 let mapping = FlowPropertymapping::new(conf).await?;
 let secret = (!oidc_client_config.is_public).then_some(secret);
- let name = format!("Provider for {}", client_id); // not consistent at the moment
 let mut json = json!({
 "name": client_id,
 "client_id": client_id,