From dbeb23df3eb42631aa74b6a0dff6c6040ea13e22 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Wed, 13 Jan 2021 12:56:54 +0100
Subject: [PATCH] Throw exception when email not found.
---
 backend/src/Squidex.Infrastructure/Security/Extensions.cs | 2 +-
 .../Controllers/Account/AccountController.cs | 7 ++++++-
 .../Areas/IdentityServer/Controllers/Extensions.cs | 2 +-
 backend/src/Squidex/Config/MyIdentityOptions.cs | 8 ++++----
 4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/backend/src/Squidex.Infrastructure/Security/Extensions.cs b/backend/src/Squidex.Infrastructure/Security/Extensions.cs
index d7fd08294..181c637f5 100644
--- a/backend/src/Squidex.Infrastructure/Security/Extensions.cs
+++ b/backend/src/Squidex.Infrastructure/Security/Extensions.cs
@@ -67,7 +67,7 @@ namespace Squidex.Infrastructure.Security
 return principal.Claims.FirstOrDefault(x => x.Type == OpenIdClaims.Email)?.Value;
 }
- public static string? TryFindEmail(this ClaimsPrincipal principal)
+ public static string? GetEmail(this ClaimsPrincipal principal)
 {
 return principal.Claims.FirstOrDefault(x => x.Type == ClaimTypes.Email)?.Value ?? principal.Claims.FirstOrDefault(x => x.Type == OpenIdClaims.Email)?.Value;
diff --git a/backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs b/backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
index ccdb8f59a..8cbbacad2 100644
--- a/backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Controllers/Account/AccountController.cs
@@ -294,7 +294,12 @@ namespace Squidex.Areas.IdentityServer.Controllers.Account
 }
 else
 {
- var email = externalLogin.Principal.TryFindEmail();
+ var email = externalLogin.Principal.GetEmail();
+
+ if (string.IsNullOrWhiteSpace(email))
+ {
+ throw new DomainException("User has no exposed email address.");
+ }
 user = await userManager.FindByEmailWithClaimsAsync(email);
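Review bot: In AccountController.cs the address read from the external principal goes straight into `FindByEmailWithClaimsAsync(email)`, and the new guard rejects only a missing value, not one the provider never verified. If the matched user is then signed in or linked to this external login (that code is outside the hunk), an identity provider that lets accounts carry an unconfirmed address would let a login match someone else's local account. Where the provider exposes a verification signal such as the OIDC `email_verified` claim, I would require it before the lookup, and otherwise add a comment such as `// Email comes from the external provider and is trusted as verified; only enable providers that confirm addresses.` above the lookup.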
diff --git a/backend/src/Squidex/Areas/IdentityServer/Controllers/Extensions.cs b/backend/src/Squidex/Areas/IdentityServer/Controllers/Extensions.cs
index 8a54c7232..2df67a991 100644
--- a/backend/src/Squidex/Areas/IdentityServer/Controllers/Extensions.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Controllers/Extensions.cs
@@ -23,7 +23,7 @@ namespace Squidex.Areas.IdentityServer.Controllers
 {
 var externalLogin = await signInManager.GetExternalLoginInfoAsync(expectedXsrf);
- var email = externalLogin.Principal.TryFindEmail();
+ var email = externalLogin.Principal.GetEmail();
 if (string.IsNullOrWhiteSpace(email))
 {
diff --git a/backend/src/Squidex/Config/MyIdentityOptions.cs b/backend/src/Squidex/Config/MyIdentityOptions.cs
index 05d5f7156..71fb886df 100644
--- a/backend/src/Squidex/Config/MyIdentityOptions.cs
+++ b/backend/src/Squidex/Config/MyIdentityOptions.cs
@@ -51,16 +51,16 @@ namespace Squidex.Config
 public string OidcRoleClaimType { get; set; } - public string[] OidcScopes { get; set; } - public string OidcResponseType { get; set; } + public string OidcOnSignoutRedirectUrl { get; set; } + + public string[] OidcScopes { get; set; } + public bool OidcGetClaimsFromUserInfoEndpoint { get; set; } public Dictionary OidcRoleMapping { get; set; } - public string OidcOnSignoutRedirectUrl { get; set; } - public bool AdminRecreate { get; set; } public bool AllowPasswordAuth { get; set; }
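Review bot: In Controllers/Extensions.cs the changed line dereferences `externalLogin.Principal` with no null check between it and the `GetExternalLoginInfoAsync(expectedXsrf)` call shown just above it; if `signInManager` is ASP.NET Core Identity's `SignInManager`, that call returns null when no external login information is available or the XSRF value does not match. The callback would then fail with a `NullReferenceException` instead of taking the handled missing-email path. `var email = externalLogin?.Principal.GetEmail();` would route that case into the existing `IsNullOrWhiteSpace` branch, provided the branch does not itself use `externalLogin`; the branch body and the rest of the method are outside the hunk.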