
Commit 574e5d3

fix: Remove case sensitivity check in OIDC email domain (coder#4534)
Fixes coder#4533.
1 parent 0d0ea98 commit 574e5d3


2 files changed

+10
-1
lines changed


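--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -261,7 +261,7 @@ func (api *API) userOIDC(rw http.ResponseWriter, r *http.Request) {
 username = httpapi.UsernameFrom(username)
 }
 if api.OIDCConfig.EmailDomain != "" {
-if !strings.HasSuffix(email, api.OIDCConfig.EmailDomain) {
+if !strings.HasSuffix(strings.ToLower(email), strings.ToLower(api.OIDCConfig.EmailDomain)) {
 httpapi.Write(ctx, rw, http.StatusForbidden, codersdk.Response{
 Message: fmt.Sprintf("Your email %q is not a part of the %q domain!", email, api.OIDCConfig.EmailDomain),
 })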
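Review bot: The new condition on line 264 still treats the configured domain as a plain string suffix, so it accepts any address whose domain merely ends in the configured value, without requiring that value to start right after the `@`. Assuming `EmailDomain` is configured as a bare domain (the test uses `kwc.io`), compare the part after the last `@` exactly: `at := strings.LastIndex(email, "@")` followed by `if at < 0 || !strings.EqualFold(email[at+1:], api.OIDCConfig.EmailDomain) {`. If subdomains are meant to pass, that should be an explicit second check on a `"."`-prefixed suffix rather than a side effect of `HasSuffix`. `strings.EqualFold` also avoids the two `ToLower` allocations. The body of `userOIDC` starts and ends outside this hunk, so whether `email_verified` is enforced before this point cannot be confirmed from here.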

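--- a/coderd/userauth_test.go
+++ b/coderd/userauth_test.go
@@ -373,6 +373,15 @@ func TestUserOIDC(t *testing.T) {
 AllowSignups: true,
 EmailDomain: "coder.com",
 StatusCode: http.StatusForbidden,
+}, {
+Name: "EmailDomainCaseInsensitive",
+Claims: jwt.MapClaims{
+"email": "kyle@KWC.io",
+"email_verified": true,
+},
+AllowSignups: true,
+EmailDomain: "kwc.io",
+StatusCode: http.StatusTemporaryRedirect,
 }, {
 Name: "EmptyClaims",
 Claims: jwt.MapClaims{},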
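Review bot: The added `EmailDomainCaseInsensitive` case only exercises an upper-case domain in the claim, while the change also lowercases the configured side, which no visible case covers. A mirrored case with a mixed-case `EmailDomain` and a lower-case claim would pin that half of the behaviour. A negative case for the boundary of the match is also missing here, e.g. a constructed address such as `kyle@notkwc.io` with `EmailDomain: "kwc.io"` expecting `http.StatusForbidden`, so the test asserts that near-miss domains are rejected. The test table continues outside this hunk, so such cases may already exist further down.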
