fix(coderd): userOIDC: ignore leading @ of EmailDomain (#13568)

2025-07-03 16:13:58 +00:00 · 2024-06-14 09:29:07 +01:00
parent d04959cea8
commit fe240add86
2 changed files with 26 additions and 0 deletions
--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@ -941,6 +941,30 @@ func TestUserOIDC(t *testing.T) {
 			},
 			StatusCode: http.StatusForbidden,
 		},
+		{
+			Name: "EmailDomainWithLeadingAt",
+			IDTokenClaims: jwt.MapClaims{
+				"email":          "cian@coder.com",
+				"email_verified": true,
+			},
+			AllowSignups: true,
+			EmailDomain: []string{
+				"@coder.com",
+			},
+			StatusCode: http.StatusOK,
+		},
+		{
+			Name: "EmailDomainForbiddenWithLeadingAt",
+			IDTokenClaims: jwt.MapClaims{
+				"email":          "kyle@kwc.io",
+				"email_verified": true,
+			},
+			AllowSignups: true,
+			EmailDomain: []string{
+				"@coder.com",
+			},
+			StatusCode: http.StatusForbidden,
+		},
 		{
 			Name: "EmailDomainCaseInsensitive",
 			IDTokenClaims: jwt.MapClaims{