Commitfe240ad

authored

fix(coderd): userOIDC: ignore leading @ of EmailDomain (#13568)

1 parentd04959c commitfe240adCopy full SHA for fe240ad

File tree

+26

-0

lines changed

+26

-0

lines changed

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -960,6 +960,8 @@ func (api API) userOIDC(rw http.ResponseWriter, r http.Request) {`
`960`	`960`	`}`
`961`	`961`	`userEmailDomain:=emailSp[len(emailSp)-1]`
`962`	`962`	`for_,domain:=rangeapi.OIDCConfig.EmailDomain {`
	`963`	`+// Folks sometimes enter EmailDomain with a leading '@'.`
	`964`	`+domain=strings.TrimPrefix(domain,"@")`
`963`	`965`	`ifstrings.EqualFold(userEmailDomain,domain) {`
`964`	`966`	`ok=true`
`965`	`967`	`break`

Lines changed: 24 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -941,6 +941,30 @@ func TestUserOIDC(t *testing.T) {`
`941`	`941`	`},`
`942`	`942`	`StatusCode:http.StatusForbidden,`
`943`	`943`	`},`
	`944`	`+{`
	`945`	`+Name:"EmailDomainWithLeadingAt",`
	`946`	`+IDTokenClaims: jwt.MapClaims{`
	`947`	`+"email":"cian@coder.com",`
	`948`	`+"email_verified":true,`
	`949`	`+},`
	`950`	`+AllowSignups:true,`
	`951`	`+EmailDomain: []string{`
	`952`	`+"@coder.com",`
	`953`	`+},`
	`954`	`+StatusCode:http.StatusOK,`
	`955`	`+},`
	`956`	`+{`
	`957`	`+Name:"EmailDomainForbiddenWithLeadingAt",`
	`958`	`+IDTokenClaims: jwt.MapClaims{`
	`959`	`+"email":"kyle@kwc.io",`
	`960`	`+"email_verified":true,`
	`961`	`+},`
	`962`	`+AllowSignups:true,`
	`963`	`+EmailDomain: []string{`
	`964`	`+"@coder.com",`
	`965`	`+},`
	`966`	`+StatusCode:http.StatusForbidden,`
	`967`	`+},`
`944`	`968`	`{`
`945`	`969`	`Name:"EmailDomainCaseInsensitive",`
`946`	`970`	`IDTokenClaims: jwt.MapClaims{`

Comments

(0)