Add overrideWithMissingCustomEmailClaim test

Signed-off-by: Happy2C0de <46957159+Happy2C0de@users.noreply.github.com>
Happy2C0de 2021-08-24 07:13:34 +02:00
parent b28098dde8
commit 55605751f5
2 changed files with 21 additions and 0 deletions


@ -314,6 +314,10 @@ func (c *oidcConnector) createIdentity(ctx context.Context, identity connector.I
if (!found || c.overrideClaimMapping) && c.emailKey != "" { if (!found || c.overrideClaimMapping) && c.emailKey != "" {
emailKey = c.emailKey emailKey = c.emailKey
email, found = claims[emailKey].(string) email, found = claims[emailKey].(string)
if !found && c.overrideClaimMapping {
// If override is enabled but claim was not found, empty string is preferred over fallback.
email, found = "", true
}
} }
if !found && hasEmailScope { if !found && hasEmailScope {
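Review bot: The new `if !found && c.overrideClaimMapping` branch only flips `found` to true, since a failed `.(string)` assertion already leaves `email` empty, so its real effect is to skip the `if !found && hasEmailScope` check on the following line. A mistyped `emailKey`, or a claim that is present but not a string, then produces an identity with an empty email where that check would otherwise have applied, and nothing records that it happened. The comment should say so, for example `// Claim absent or not a string: keep email empty and skip the missing-email check below.` If the code after the hunk copies `email_verified` from the token, which is not visible here, an empty address could end up marked verified, so that path is worth checking. createIdentity starts and ends outside the hunk.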


@ -110,6 +110,23 @@ func TestHandleCallback(t *testing.T) {
"email_verified": true, "email_verified": true,
}, },
}, },
{
name: "overrideWithMissingCustomEmailClaim",
userIDKey: "", // not configured
userNameKey: "", // not configured
overrideClaimMapping: true,
emailKey: "custommail",
expectUserID: "subvalue",
expectUserName: "namevalue",
expectedEmailField: "",
token: map[string]interface{}{
// no "custommail" claim
"sub": "subvalue",
"name": "namevalue",
"email": "emailvalue",
"email_verified": true,
},
},
{ {
name: "email_verified not in claims, configured to be skipped", name: "email_verified not in claims, configured to be skipped",
insecureSkipEmailVerified: true, insecureSkipEmailVerified: true,
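Review bot: This case covers only an absent `custommail` claim, while the branch it exercises is also reached when the claim is present with a non-string value; a second case with `"custommail": 123` (a constructed value) would pin that. The token carries `"email_verified": true` alongside an expected empty email, and no field visible in this case states what verified flag is expected for the resulting identity, so that combination is left unasserted as far as this hunk shows. The test table starts and ends outside the hunk.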