forked from mystiq/dex
Add overrideWithMissingCustomEmailClaim test
Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
parent
b28098dde8
commit
55605751f5
2 changed files with 21 additions and 0 deletions
|
@ -314,6 +314,10 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
|
||||||
if (!found || c.overrideClaimMapping) && c.emailKey != "" {
|
if (!found || c.overrideClaimMapping) && c.emailKey != "" {
|
||||||
emailKey = c.emailKey
|
emailKey = c.emailKey
|
||||||
email, found = claims[emailKey].(string)
|
email, found = claims[emailKey].(string)
|
||||||
|
if !found && c.overrideClaimMapping {
|
||||||
|
// If override is enabled but claim was not found, empty string is preferred over fallback.
|
||||||
|
email, found = "", true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !found && hasEmailScope {
|
if !found && hasEmailScope {
|
||||||
|
|
|
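Review bot: The added `email, found = "", true` branch makes a missing custom email claim look like a successful lookup, so the `if !found && hasEmailScope` check just below is skipped and the login proceeds with an empty email. The `.(string)` assertion also fails when the claim is present but not a string, and that case takes the same path without the comment saying so; I would reword it to `// Override enabled: a missing or non-string claim yields an empty email, with no fallback.` It would also help to log the configured `emailKey` when this branch is taken, so a misconfigured provider mapping is visible to operators. createIdentity starts and ends outside the hunk, so I cannot see how `email_verified` is handled afterwards; please confirm a verified flag cannot be attached to the empty address, since consumers that authorize on email plus verified state would otherwise receive a misleading pair.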
@ -110,6 +110,23 @@ func TestHandleCallback(t *testing.T) {
|
||||||
"email_verified": true,
|
"email_verified": true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "overrideWithMissingCustomEmailClaim",
|
||||||
|
userIDKey: "", // not configured
|
||||||
|
userNameKey: "", // not configured
|
||||||
|
overrideClaimMapping: true,
|
||||||
|
emailKey: "custommail",
|
||||||
|
expectUserID: "subvalue",
|
||||||
|
expectUserName: "namevalue",
|
||||||
|
expectedEmailField: "",
|
||||||
|
token: map[string]interface{}{
|
||||||
|
// no "custommail" claim
|
||||||
|
"sub": "subvalue",
|
||||||
|
"name": "namevalue",
|
||||||
|
"email": "emailvalue",
|
||||||
|
"email_verified": true,
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "email_verified not in claims, configured to be skipped",
|
name: "email_verified not in claims, configured to be skipped",
|
||||||
insecureSkipEmailVerified: true,
|
insecureSkipEmailVerified: true,
|
||||||
|
|
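Review bot: The new case sends `"email_verified": true` in the token while expecting an empty email, but nothing visible in the case pins what the verified flag should be for that empty address, so a regression there would pass unnoticed. If the table has an expectation field for the verified flag (not visible in this hunk), set it explicitly here. A sibling case with the claim present but of the wrong type, e.g. `"custommail": 42,`, would cover the other way the connector's string assertion can fail. The TestHandleCallback table begins and ends outside the hunk.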