k-space/dex
Archived
11
0
Fork 0
Code Issues Pull Requests Packages Projects Activity

Add overrideWithMissingCustomEmailClaim test

Browse Source 
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
This commit is contained in:
Happy2C0de
2021-08-24 07:13:34 +02:00
parent b28098dde8
commit 55605751f5
2 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
connector/oidc/oidc.go
View File

@@ -314,6 +314,10 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
if (!found || c.overrideClaimMapping) && c.emailKey != "" { if (!found || c.overrideClaimMapping) && c.emailKey != "" {
emailKey = c.emailKey emailKey = c.emailKey
email, found = claims[emailKey].(string) email, found = claims[emailKey].(string)
if !found && c.overrideClaimMapping {
// If override is enabled but claim was not found, empty string is preferred over fallback.
email, found = "", true
}
} }
if !found && hasEmailScope { if !found && hasEmailScope {

17
connector/oidc/oidc_test.go
View File

@@ -110,6 +110,23 @@ func TestHandleCallback(t *testing.T) {
"email_verified": true, "email_verified": true,
}, },
}, },
{
name: "overrideWithMissingCustomEmailClaim",
userIDKey: "", // not configured
userNameKey: "", // not configured
overrideClaimMapping: true,
emailKey: "custommail",
expectUserID: "subvalue",
expectUserName: "namevalue",
expectedEmailField: "",
token: map[string]interface{}{
// no "custommail" claim
"sub": "subvalue",
"name": "namevalue",
"email": "emailvalue",
"email_verified": true,
},
},
{ {
name: "email_verified not in claims, configured to be skipped", name: "email_verified not in claims, configured to be skipped",
insecureSkipEmailVerified: true, insecureSkipEmailVerified: true,