synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-21 01:28:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Remove case sensitivity check in OIDC email domain (#4534)

Browse Source 
Fixes #4533.
This commit is contained in:
Kyle Carberry
2022-10-13 10:51:54 -05:00
committed by GitHub
parent 0d0ea981da
commit 574e5d37c7
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
coderd/userauth.go
View File

@ -261,7 +261,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
username = httpapi.UsernameFrom(username) username = httpapi.UsernameFrom(username)
} }
if api.OIDCConfig.EmailDomain != "" { if api.OIDCConfig.EmailDomain != "" {
if !strings.HasSuffix(email, api.OIDCConfig.EmailDomain) { if !strings.HasSuffix(strings.ToLower(email), strings.ToLower(api.OIDCConfig.EmailDomain)) {
httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{ httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
Message: fmt.Sprintf("Your email %q is not a part of the %q domain!", email, api.OIDCConfig.EmailDomain), Message: fmt.Sprintf("Your email %q is not a part of the %q domain!", email, api.OIDCConfig.EmailDomain),
}) })

9
coderd/userauth_test.go
View File

@ -373,6 +373,15 @@ func TestUserOIDC(t *testing.T) {
AllowSignups: true, AllowSignups: true,
EmailDomain: "coder.com", EmailDomain: "coder.com",
StatusCode: http.StatusForbidden, StatusCode: http.StatusForbidden,
}, {
Name: "EmailDomainCaseInsensitive",
Claims: jwt.MapClaims{
"email": "kyle@KWC.io",
"email_verified": true,
},
AllowSignups: true,
EmailDomain: "kwc.io",
StatusCode: http.StatusTemporaryRedirect,
}, { }, {
Name: "EmptyClaims", Name: "EmptyClaims",
Claims: jwt.MapClaims{}, Claims: jwt.MapClaims{},