spec(SSO): メールアドレスが登録されていない場合、メアドフィールドの値にaactを入れる (MisskeyIO#607)
This commit is contained in:
parent
8b214f8247
commit
22e398d2bf
|
@ -44,6 +44,7 @@ import type { MiLocalUser } from '@/models/User.js';
|
||||||
import { LoggerService } from '@/core/LoggerService.js';
|
import { LoggerService } from '@/core/LoggerService.js';
|
||||||
import Logger from '@/logger.js';
|
import Logger from '@/logger.js';
|
||||||
import { StatusError } from '@/misc/status-error.js';
|
import { StatusError } from '@/misc/status-error.js';
|
||||||
|
import { normalizeEmailAddress } from '@/misc/normalize-email-address.js';
|
||||||
import type { ServerResponse } from 'node:http';
|
import type { ServerResponse } from 'node:http';
|
||||||
import type { FastifyInstance } from 'fastify';
|
import type { FastifyInstance } from 'fastify';
|
||||||
|
|
||||||
|
@ -508,25 +509,31 @@ export class OAuth2ProviderService {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const accessToken = await this.accessTokensRepository.findOne({ where: { token }, relations: ['user'] });
|
const accessToken = await this.accessTokensRepository.findOneBy({ token });
|
||||||
if (!accessToken) {
|
if (!accessToken) {
|
||||||
reply.code(401);
|
reply.code(401);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
const user = await this.userProfilesRepository.findOneBy({ userId: accessToken.userId });
|
const user = await this.usersRepository.findOneBy({ id: accessToken.userId });
|
||||||
|
if (!user) {
|
||||||
|
reply.code(401);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });
|
||||||
|
|
||||||
reply.code(200);
|
reply.code(200);
|
||||||
return {
|
return {
|
||||||
sub: accessToken.userId,
|
sub: user.id,
|
||||||
name: accessToken.user?.name,
|
name: user.name ? `${user.name} (@${user.username})` : `@${user.username}`,
|
||||||
preferred_username: accessToken.user?.username,
|
preferred_username: user.username,
|
||||||
profile: accessToken.user ? `${this.config.url}/@${accessToken.user.username}` : undefined,
|
profile: `${this.config.url}/@${user.username}`,
|
||||||
picture: accessToken.user?.avatarUrl,
|
picture: user.avatarUrl ?? undefined,
|
||||||
email: user?.email,
|
email: profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
|
||||||
email_verified: user?.emailVerified,
|
email_verified: profile.emailVerified,
|
||||||
mfa_enabled: user?.twoFactorEnabled,
|
mfa_enabled: profile.twoFactorEnabled,
|
||||||
updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000),
|
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
|
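Review bot: The fallback `email` value in the new userinfo response, `${user.username}@${this.config.hostname}`, is not a mailbox the user has demonstrated control of, and nothing in the hunk prevents it from coinciding with another account whose verified `email` is that same address, so a relying party that keys accounts on `email` rather than `sub` could merge two users. The `email_verified: false` claim is the only signal separating the two cases, and that contract deserves a comment on the `email:` line, e.g. `// Unverified accounts get a synthetic acct-style address; it may coincide with another user's verified mailbox, so RPs must key on sub and honor email_verified.` The same construction appears in the JWTIdentifyProviderService hunk (`email:`) and in the second SAMLIdentifyProviderService hunk (the `'#text':` of the email attribute), and the comment belongs there too. If `profile.email` can be null while `profile.emailVerified` is true, `normalizeEmailAddress` receives null in the verified branch — worth confirming against the profile model. The enclosing handler begins before this hunk.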
@ -178,7 +178,7 @@ export class JWTIdentifyProviderService {
|
||||||
preferred_username: user.username,
|
preferred_username: user.username,
|
||||||
profile: `${this.config.url}/@${user.username}`,
|
profile: `${this.config.url}/@${user.username}`,
|
||||||
picture: user.avatarUrl ?? undefined,
|
picture: user.avatarUrl ?? undefined,
|
||||||
email: profile.emailVerified ? normalizeEmailAddress(profile.email) : undefined,
|
email: profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
|
||||||
email_verified: profile.emailVerified,
|
email_verified: profile.emailVerified,
|
||||||
mfa_enabled: profile.twoFactorEnabled,
|
mfa_enabled: profile.twoFactorEnabled,
|
||||||
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
|
||||||
|
|
|
@ -440,9 +440,10 @@ export class SAMLIdentifyProviderService {
|
||||||
'#text': `${this.config.url}/sso/saml/${ssoServiceProvider.id}/metadata`,
|
'#text': `${this.config.url}/sso/saml/${ssoServiceProvider.id}/metadata`,
|
||||||
},
|
},
|
||||||
'saml:Subject': {
|
'saml:Subject': {
|
||||||
'saml:NameID': profile.emailVerified
|
'saml:NameID': {
|
||||||
? { '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', '#text': normalizeEmailAddress(profile.email) }
|
'@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
|
||||||
: { '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', '#text': user.id },
|
'#text': profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
|
||||||
|
},
|
||||||
'saml:SubjectConfirmation': {
|
'saml:SubjectConfirmation': {
|
||||||
'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
|
'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
|
||||||
'saml:SubjectConfirmationData': {
|
'saml:SubjectConfirmationData': {
|
||||||
|
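Review bot: The new `saml:NameID` always declares the `emailAddress` format, so for users without a verified email the subject identifier changes from the persistent `user.id` to a synthetic `${user.username}@${this.config.hostname}` that is neither a real mailbox nor guaranteed distinct from another user's verified address; service providers that already linked accounts by the old persistent NameID will see those users as new subjects, and ones keyed on the address could conflate two users. If the acct-style subject is intended, the identifier switch should be documented next to the `'#text':` line, e.g. `// NameID is the verified email, or a synthetic username@hostname for unverified accounts; the format claims emailAddress either way, so SPs must not treat it as a deliverable address.` The surrounding assertion object begins and ends outside this hunk.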
@ -540,14 +541,14 @@ export class SAMLIdentifyProviderService {
|
||||||
'#text': user.avatarUrl,
|
'#text': user.avatarUrl,
|
||||||
},
|
},
|
||||||
}] : []),
|
}] : []),
|
||||||
...(profile.emailVerified ? [{
|
{
|
||||||
'@Name': 'email',
|
'@Name': 'email',
|
||||||
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
||||||
'saml:AttributeValue': {
|
'saml:AttributeValue': {
|
||||||
'@xsi:type': 'xs:string',
|
'@xsi:type': 'xs:string',
|
||||||
'#text': normalizeEmailAddress(profile.email),
|
'#text': profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
|
||||||
},
|
},
|
||||||
}] : []),
|
},
|
||||||
{
|
{
|
||||||
'@Name': 'email_verified',
|
'@Name': 'email_verified',
|
||||||
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
|
||||||
|
|