spec(SSO): メールアドレスが登録されていない場合、メアドフィールドの値にaactを入れる (MisskeyIO#607)

まっちゃとーにゅ 2024-04-13 15:56:54 +09:00 committed by GitHub
parent 8b214f8247
commit 22e398d2bf
3 changed files with 26 additions and 18 deletions


@ -44,6 +44,7 @@ import type { MiLocalUser } from '@/models/User.js';
import { LoggerService } from '@/core/LoggerService.js'; import { LoggerService } from '@/core/LoggerService.js';
import Logger from '@/logger.js'; import Logger from '@/logger.js';
import { StatusError } from '@/misc/status-error.js'; import { StatusError } from '@/misc/status-error.js';
import { normalizeEmailAddress } from '@/misc/normalize-email-address.js';
import type { ServerResponse } from 'node:http'; import type { ServerResponse } from 'node:http';
import type { FastifyInstance } from 'fastify'; import type { FastifyInstance } from 'fastify';
@ -508,25 +509,31 @@ export class OAuth2ProviderService {
return; return;
} }
const accessToken = await this.accessTokensRepository.findOne({ where: { token }, relations: ['user'] }); const accessToken = await this.accessTokensRepository.findOneBy({ token });
if (!accessToken) { if (!accessToken) {
reply.code(401); reply.code(401);
return; return;
} }
const user = await this.userProfilesRepository.findOneBy({ userId: accessToken.userId }); const user = await this.usersRepository.findOneBy({ id: accessToken.userId });
if (!user) {
reply.code(401);
return;
}
const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });
reply.code(200); reply.code(200);
return { return {
sub: accessToken.userId, sub: user.id,
name: accessToken.user?.name, name: user.name ? `${user.name} (@${user.username})` : `@${user.username}`,
preferred_username: accessToken.user?.username, preferred_username: user.username,
profile: accessToken.user ? `${this.config.url}/@${accessToken.user.username}` : undefined, profile: `${this.config.url}/@${user.username}`,
picture: accessToken.user?.avatarUrl, picture: user.avatarUrl ?? undefined,
email: user?.email, email: profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
email_verified: user?.emailVerified, email_verified: profile.emailVerified,
mfa_enabled: user?.twoFactorEnabled, mfa_enabled: profile.twoFactorEnabled,
updated_at: Math.floor((accessToken.user?.updatedAt?.getTime() ?? accessToken.user?.createdAt.getTime() ?? 0) / 1000), updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),
}; };
}); });
} }
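Review bot: The new `email` line falls back to `${user.username}@${this.config.hostname}` whenever `profile.emailVerified` is false, so a user who has registered an address but not yet verified it also receives the synthesized value, which is broader than the "not registered" case the commit title describes; the same branch appears in the JWTIdentifyProviderService and SAMLIdentifyProviderService sections below. Since `email_verified` still carries `profile.emailVerified`, a relying party that honours that claim will not mistake the synthesized value for a mailbox, but one that links accounts on the `email` claim alone may, and nothing in the code marks the value as synthetic. A comment on the new line such as `// Not a deliverable mailbox: derived from username@hostname when no verified e-mail exists; relying parties must check email_verified` would make that explicit at all three sites. Separately, the new `findOneByOrFail` on the profile lookup throws instead of answering 401 when no profile row exists; presumably every user has one, but that is inferred, not visible here.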


@ -178,7 +178,7 @@ export class JWTIdentifyProviderService {
preferred_username: user.username, preferred_username: user.username,
profile: `${this.config.url}/@${user.username}`, profile: `${this.config.url}/@${user.username}`,
picture: user.avatarUrl ?? undefined, picture: user.avatarUrl ?? undefined,
email: profile.emailVerified ? normalizeEmailAddress(profile.email) : undefined, email: profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
email_verified: profile.emailVerified, email_verified: profile.emailVerified,
mfa_enabled: profile.twoFactorEnabled, mfa_enabled: profile.twoFactorEnabled,
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000), updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),


@ -440,9 +440,10 @@ export class SAMLIdentifyProviderService {
'#text': `${this.config.url}/sso/saml/${ssoServiceProvider.id}/metadata`, '#text': `${this.config.url}/sso/saml/${ssoServiceProvider.id}/metadata`,
}, },
'saml:Subject': { 'saml:Subject': {
'saml:NameID': profile.emailVerified 'saml:NameID': {
? { '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', '#text': normalizeEmailAddress(profile.email) } '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
: { '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', '#text': user.id }, '#text': profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
},
'saml:SubjectConfirmation': { 'saml:SubjectConfirmation': {
'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer', '@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
'saml:SubjectConfirmationData': { 'saml:SubjectConfirmationData': {
@ -540,14 +541,14 @@ export class SAMLIdentifyProviderService {
'#text': user.avatarUrl, '#text': user.avatarUrl,
}, },
}] : []), }] : []),
...(profile.emailVerified ? [{ {
'@Name': 'email', '@Name': 'email',
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
'saml:AttributeValue': { 'saml:AttributeValue': {
'@xsi:type': 'xs:string', '@xsi:type': 'xs:string',
'#text': normalizeEmailAddress(profile.email), '#text': profile.emailVerified ? normalizeEmailAddress(profile.email) : `${user.username}@${this.config.hostname}`,
}, },
}] : []), },
{ {
'@Name': 'email_verified', '@Name': 'email_verified',
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
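Review bot: In the first hunk of this section the unverified case previously issued a `persistent`-format NameID holding `user.id`, and now issues an `emailAddress`-format NameID holding `${user.username}@${this.config.hostname}`; any service provider that stored the earlier persistent subject for such a user will see a different subject after this change, and the emailAddress format now labels a value that is not a real mailbox. If usernames can ever change or be reassigned on this instance (not visible here), the new subject is also no longer stable, which the old persistent identifier was. If the synthesized address is required for SP compatibility, a comment at the `'#text'` line noting that the value is synthetic and that the `email_verified` attribute emitted in the second hunk remains the authoritative signal would help; otherwise keeping the persistent `user.id` NameID for unverified users is the safer subject. The enclosing response object starts and ends outside the hunk.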