fix(SSO): メールアドレスからコメント・タグを除外 (MisskeyIO#544)

まっちゃとーにゅ 2024-03-20 16:15:21 +09:00 committed by GitHub
parent daf297c9c0
commit c45edf2564
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 19 deletions


@ -0,0 +1,5 @@
const specialCharactersRegexp = /(\(.*?\)|(\+.*(?=@)))/gu;
export function normalizeEmailAddress(email: string | null): string | null {
return email?.replaceAll(specialCharactersRegexp, '') ?? null;
}
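Review bot: The address `normalizeEmailAddress` returns is not the one the user verified, yet the JWT and SAML callers in this commit still assert it alongside `email_verified` (and, for SAML, as the NameID). Dropping `+tag` is only equivalent where the mail domain implements sub-addressing; elsewhere `user+x@example.com` and `user@example.com` (constructed example) can be separate mailboxes, so a relying party that links accounts by email could match the wrong person. The `\+.*(?=@)` branch is greedy up to the last `@`, and `\(.*?\)` removes parenthesised text anywhere in the string, so the result for unusual inputs is hard to predict. I would document the assumption on the function, e.g. `/** Strips (comments) and +tags; assumes the domain delivers user+tag to user. */`, and add unit tests for inputs with several `@` or `+`.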


@ -22,6 +22,7 @@ import type { MiLocalUser } from '@/models/User.js';
import { CacheService } from '@/core/CacheService.js'; import { CacheService } from '@/core/CacheService.js';
import { LoggerService } from '@/core/LoggerService.js'; import { LoggerService } from '@/core/LoggerService.js';
import { RoleService } from '@/core/RoleService.js'; import { RoleService } from '@/core/RoleService.js';
import { normalizeEmailAddress } from '@/misc/normalize-email-address.js';
import type { FastifyInstance } from 'fastify'; import type { FastifyInstance } from 'fastify';
@Injectable() @Injectable()
@ -175,7 +176,7 @@ export class JWTIdentifyProviderService {
preferred_username: user.username, preferred_username: user.username,
profile: `${this.config.url}/@${user.username}`, profile: `${this.config.url}/@${user.username}`,
picture: user.avatarUrl ?? undefined, picture: user.avatarUrl ?? undefined,
email: profile.emailVerified ? profile.email : undefined, email: profile.emailVerified ? normalizeEmailAddress(profile.email) : undefined,
email_verified: profile.emailVerified, email_verified: profile.emailVerified,
mfa_enabled: profile.twoFactorEnabled, mfa_enabled: profile.twoFactorEnabled,
updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000), updated_at: Math.floor((user.updatedAt?.getTime() ?? user.createdAt.getTime()) / 1000),


@ -26,6 +26,7 @@ import { RoleService } from '@/core/RoleService.js';
import type { MiLocalUser } from '@/models/User.js'; import type { MiLocalUser } from '@/models/User.js';
import { bindThis } from '@/decorators.js'; import { bindThis } from '@/decorators.js';
import { DI } from '@/di-symbols.js'; import { DI } from '@/di-symbols.js';
import { normalizeEmailAddress } from '@/misc/normalize-email-address.js';
import type { FastifyInstance } from 'fastify'; import type { FastifyInstance } from 'fastify';
@Injectable() @Injectable()
@ -440,7 +441,7 @@ export class SAMLIdentifyProviderService {
}, },
'saml:Subject': { 'saml:Subject': {
'saml:NameID': profile.emailVerified 'saml:NameID': profile.emailVerified
? { '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', '#text': profile.email } ? { '@Format': 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress', '#text': normalizeEmailAddress(profile.email) }
: { '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', '#text': user.id }, : { '@Format': 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', '#text': user.id },
'saml:SubjectConfirmation': { 'saml:SubjectConfirmation': {
'@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer', '@Method': 'urn:oasis:names:tc:SAML:2.0:cm:bearer',
@ -531,24 +532,14 @@ export class SAMLIdentifyProviderService {
'#text': user.avatarUrl, '#text': user.avatarUrl,
}, },
}] : []), }] : []),
...(profile.emailVerified ? [ ...(profile.emailVerified ? [{
{ '@Name': 'email',
'@Name': 'mail', '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', 'saml:AttributeValue': {
'saml:AttributeValue': { '@xsi:type': 'xs:string',
'@xsi:type': 'xs:string', '#text': normalizeEmailAddress(profile.email),
'#text': profile.email,
},
}, },
{ }] : []),
'@Name': 'email',
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
'saml:AttributeValue': {
'@xsi:type': 'xs:string',
'#text': profile.email,
},
},
] : []),
{ {
'@Name': 'email_verified', '@Name': 'email_verified',
'@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', '@NameFormat': 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic',
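Review bot: With the `emailAddress` NameID format the subject sent to service providers is now the stripped address, so two local accounts that verified `user+a@example.com` and `user+b@example.com` (constructed example) would present the same NameID, and existing users with a tag get a different NameID than before this commit. Whether the collision can occur depends on how email uniqueness is enforced at registration, which is not visible here. If service providers key accounts on NameID, consider always sending `user.id` with the `persistent` format as the subject and carrying the normalized address only in the `email` attribute. The last hunk also appears to drop the `mail` attribute, which the commit title does not mention; a service provider that maps `mail` would stop receiving it. The enclosing function starts and ends outside these hunks.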