feat: Accept email as verified if verified_email claim is not present in OIDC provider (OD-2573)

2025-12-08 18:26:30 +00:00 · 2025-10-02 21:52:46 +08:00 · 2025-10-02 21:52:46 +08:00 · 16a4178fef
commit 16a4178fef
parent 2f0311fe8a
3 changed files with 6 additions and 5 deletions
--- a/server-core/src/main/java/io/onedev/server/exception/PullRequestReviewRejectedException.java
+++ b/server-core/src/main/java/io/onedev/server/exception/PullRequestReviewRejectedException.java
@ -5,7 +5,7 @@ import io.onedev.commons.utils.ExplicitException;
 public class PullRequestReviewRejectedException extends ExplicitException {

 	public PullRequestReviewRejectedException(String message) {
-		super(message);
+		super(message);		
 	}

 }
--- a/server-plugin/server-plugin-sso-discord/src/main/java/io/onedev/server/plugin/sso/discord/DiscordConnector.java
+++ b/server-plugin/server-plugin-sso-discord/src/main/java/io/onedev/server/plugin/sso/discord/DiscordConnector.java
@ -118,7 +118,7 @@ public class DiscordConnector extends SsoConnector {
 				String userName = (String) userObject.get("username");
 				String email = StringUtils.trimToNull((String) userObject.get("email"));
 				Boolean verified = (Boolean) userObject.get("verified");
-				if (!Boolean.TRUE.equals(verified))
+				if (verified != null && !verified)
 					email = null;
 				
 				if (bCheckGuilds) {
--- a/server-plugin/server-plugin-sso-openid/src/main/java/io/onedev/server/plugin/sso/openid/OpenIdConnector.java
+++ b/server-plugin/server-plugin-sso-openid/src/main/java/io/onedev/server/plugin/sso/openid/OpenIdConnector.java
@ -225,10 +225,11 @@ public class OpenIdConnector extends SsoConnector {

 			String subject = claims.getSubject();
 			String email = StringUtils.trimToNull(claims.getStringClaim("email"));
+
 			Boolean emailVerified = claims.getBooleanClaim("email_verified");
 			if (emailVerified == null)
 				emailVerified = claims.getBooleanClaim("emailVerified");
-			if (!Boolean.TRUE.equals(emailVerified))
+			if (emailVerified != null && !emailVerified)
 				email = null;

 			String userName = StringUtils.trimToNull(claims.getStringClaim("preferred_username"));
@ -264,7 +265,7 @@ public class OpenIdConnector extends SsoConnector {
 						emailVerified = getBooleanValue(json.get("email_verified"));
 						if (emailVerified == null)
 							emailVerified = getBooleanValue(json.get("emailVerified"));
-						if (!Boolean.TRUE.equals(emailVerified))
+						if (emailVerified != null && !emailVerified)
 							email = null;
 					}
 						
@ -335,7 +336,7 @@ public class OpenIdConnector extends SsoConnector {
 	public void setRequestScopes(String requestScopes) {
 		this.requestScopes = requestScopes;
 	}
-
+		
 	@Editable(order=10100, group = "More Settings", description="Optionally specify the OpenID claim to retrieve " +
 			"groups of authenticated user. Depending on the provider, you may need to request additional scopes " +
 			"above to make this claim available")