fix(core): user claims hot fix (#3109)

2024-12-16 20:26:19 -05:00 · 2023-02-15 10:13:25 +08:00 · 2023-02-15 10:13:25 +08:00 · dbad0ed8a0
commit dbad0ed8a0
parent 087935cfd3
2 changed files with 19 additions and 7 deletions
--- a/packages/core/src/oidc/init.ts
+++ b/packages/core/src/oidc/init.ts
@ -16,7 +16,7 @@ import { routes } from '#src/routes/consts.js';
 import type Libraries from '#src/tenants/Libraries.js';
 import type Queries from '#src/tenants/Queries.js';

-import { claimToUserKey, getUserClaims } from './scope.js';
+import { getUserClaimData, getUserClaims } from './scope.js';

 // Temporarily removed 'EdDSA' since it's not supported by browser yet
 const supportedSigningAlgs = Object.freeze(['RS256', 'PS256', 'ES256', 'ES384', 'ES512'] as const);
@ -170,7 +170,7 @@ export default function initOidc(envSet: EnvSet, queries: Queries, libraries: Li
              ...Object.fromEntries(
                getUserClaims(use, scope, claims, rejected).map((claim) => [
                  claim,
-                  user[claimToUserKey[claim]],
+                  getUserClaimData(user, claim),
                ])
              ),
            },
--- a/packages/core/src/oidc/scope.ts
+++ b/packages/core/src/oidc/scope.ts
@ -4,20 +4,32 @@ import type { User } from '@logto/schemas';
 import type { Nullable } from '@silverhand/essentials';
 import type { ClaimsParameterMember } from 'oidc-provider';

-export const claimToUserKey: Readonly<Record<UserClaim, keyof User>> = Object.freeze({
+export const claimToUserKey: Readonly<
+  Record<Exclude<UserClaim, 'email_verified' | 'phone_number_verified'>, keyof User>
+> = Object.freeze({
  name: 'name',
  picture: 'avatar',
  username: 'username',
  email: 'primaryEmail',
-  // LOG-4165: Change to proper key/function once profile fulfilling implemented
-  email_verified: 'primaryEmail',
  phone_number: 'primaryPhone',
-  // LOG-4165: Change to proper key/function once profile fulfilling implemented
-  phone_number_verified: 'primaryPhone',
  custom_data: 'customData',
  identities: 'identities',
 });

+export const getUserClaimData = (user: User, claim: UserClaim): unknown => {
+  // LOG-4165: Change to proper key/function once profile fulfilling implemented
+  if (claim === 'email_verified') {
+    return Boolean(user.primaryEmail);
+  }
+
+  // LOG-4165: Change to proper key/function once profile fulfilling implemented
+  if (claim === 'phone_number_verified') {
+    return Boolean(user.primaryPhone);
+  }
+
+  return user[claimToUserKey[claim]];
+};
+
 // Ignore `_claims` since [Claims Parameter](https://github.com/panva/node-oidc-provider/tree/main/docs#featuresclaimsparameter) is not enabled
 export const getUserClaims = (
  use: string,