allow the either username or email is empty which returns from oauth 2.0 provider, but require both to be present when automatically registering a new user

Author: mayswind

pkg/api/oauth2_authentications.go

@@ -208,9 +208,20 @@ func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *
 		return a.redirectToFailedCallbackPage(c, errs.ErrCannotRetrieveUserInfo)
 	}
 
-	if oauth2UserInfo.UserName == "" || oauth2UserInfo.Email == "" {
-		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, userName: %s, email: %s", oauth2UserInfo.UserName, oauth2UserInfo.Email)
-		return a.redirectToFailedCallbackPage(c, errs.ErrCannotRetrieveUserInfo)
+	log.Infof(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 user info, userName: %s, email: %s", oauth2UserInfo.UserName, oauth2UserInfo.Email)
+
+	if oauth2UserInfo.UserName == "" && oauth2UserInfo.Email == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameAndEmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail && oauth2UserInfo.Email == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, email is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername && oauth2UserInfo.UserName == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, userName is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmpty)
 	}
 
 	userExternalAuthType := oauth2.GetExternalUserAuthType()
@@ -221,7 +232,7 @@ func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *
 	} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
 		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalUserName(c, oauth2UserInfo.UserName, userExternalAuthType)
 	} else {
-		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalEmail(c, oauth2UserInfo.Email, userExternalAuthType)
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotSupported)
 	}
 
 	if err != nil && !errors.Is(err, errs.ErrUserExternalAuthNotFound) {
@@ -257,7 +268,7 @@ func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *
 			} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
 				user, err = a.users.GetUserByUsername(c, oauth2UserInfo.UserName)
 			} else {
-				user, err = a.users.GetUserByEmail(c, oauth2UserInfo.Email)
+				err = errs.ErrNotSupported
 			}
 
 			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
@@ -267,6 +278,14 @@ func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *
 		}
 
 		if user == nil && a.CurrentConfig().EnableUserRegister && a.CurrentConfig().OAuth2AutoRegister {
+			if oauth2UserInfo.UserName == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmptyCannotRegister)
+			}
+
+			if oauth2UserInfo.Email == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmptyCannotRegister)
+			}
+
 			userName := strings.TrimSpace(oauth2UserInfo.UserName)
 			email := strings.TrimSpace(oauth2UserInfo.Email)
 			nickName := strings.TrimSpace(oauth2UserInfo.NickName)

pkg/errs/oauth2.go

@@ -17,4 +17,9 @@ var (
 	ErrInvalidOAuth2Token                  = NewNormalError(NormalSubcategoryOAuth2, 8, http.StatusBadRequest, "invalid oauth2 token")
 	ErrCannotRetrieveUserInfo              = NewNormalError(NormalSubcategoryOAuth2, 9, http.StatusBadRequest, "cannot retrieve user info from oauth2 provider")
 	ErrOAuth2UserAlreadyBoundToAnotherUser = NewNormalError(NormalSubcategoryOAuth2, 10, http.StatusBadRequest, "oauth2 user already bound to another user")
+	ErrOAuth2UserNameAndEmailEmpty         = NewNormalError(NormalSubcategoryOAuth2, 11, http.StatusBadRequest, "user name and email from oauth2 provider are both empty")
+	ErrOAuth2UserNameEmpty                 = NewNormalError(NormalSubcategoryOAuth2, 12, http.StatusBadRequest, "user name from oauth2 provider is empty")
+	ErrOAuth2EmailEmpty                    = NewNormalError(NormalSubcategoryOAuth2, 13, http.StatusBadRequest, "email from oauth2 provider is empty")
+	ErrOAuth2UserNameEmptyCannotRegister   = NewNormalError(NormalSubcategoryOAuth2, 14, http.StatusBadRequest, "user name from oauth2 provider is empty, cannot register new user")
+	ErrOAuth2EmailEmptyCannotRegister      = NewNormalError(NormalSubcategoryOAuth2, 15, http.StatusBadRequest, "email from oauth2 provider is empty, cannot register new user")
 )

src/locales/de.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/en.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/es.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/fr.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/it.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/ja.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/kn.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "OAuth 2.0 ಟೋಕನ್ ಅಮಾನ್ಯವಾಗಿದೆ",
         "cannot retrieve user info from oauth2 provider": "OAuth 2.0 ಪೂರೈಕೆದಾರರಿಂದ ಬಳಕೆದಾರ ಮಾಹಿತಿಯನ್ನು ಪಡೆಯಲು ಸಾಧ್ಯವಿಲ್ಲ",
         "oauth2 user already bound to another user": "OAuth 2.0 ಬಳಕೆದಾರ ಈಗಾಗಲೇ ಇನ್ನೊಬ್ಬ ಬಳಕೆದಾರನಿಗೆ ಬೌಂಡ್ ಆಗಿದ್ದಾನೆ",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",

src/locales/ko.json

@@ -1270,6 +1270,11 @@
         "invalid oauth2 token": "Invalid OAuth 2.0 token",
         "cannot retrieve user info from oauth2 provider": "Cannot retrieve user info from OAuth 2.0 provider",
         "oauth2 user already bound to another user": "OAuth 2.0 user is already bound to another user",
+        "user name and email from oauth2 provider are both empty": "User name and email from OAuth 2.0 provider are both empty",
+        "user name from oauth2 provider is empty": "User name from OAuth 2.0 provider is empty",
+        "email from oauth2 provider is empty": "Email from OAuth 2.0 provider is empty",
+        "user name from oauth2 provider is empty, cannot register new user": "User name from OAuth 2.0 provider is empty, cannot register new user",
+        "email from oauth2 provider is empty, cannot register new user": "Email from OAuth 2.0 provider is empty, cannot register new user",
         "explorer id is invalid": "Explorer ID is invalid",
         "explorer not found": "Explorer is not found",
         "explorer data is invalid": "Explorer data is invalid",