Make the email verification state more configurable on upstream OAuth 2.0 registration

This also marks the email as primary
2025-11-20 12:02:22 +03:00 · 2023-08-31 11:31:06 +02:00
parent 8e5ebcd03f
commit ae3213fe87
8 changed files with 162 additions and 18 deletions
--- a/crates/config/src/sections/mod.rs
+++ b/crates/config/src/sections/mod.rs
@@ -49,8 +49,11 @@ pub use self::{
    },
    templates::TemplatesConfig,
    upstream_oauth2::{
-        ClaimsImports as UpstreamOAuth2ClaimsImports, ImportAction as UpstreamOAuth2ImportAction,
-        ImportPreference as UpstreamOAuth2ImportPreference, UpstreamOAuth2Config,
+        ClaimsImports as UpstreamOAuth2ClaimsImports,
+        EmailImportPreference as UpstreamOAuth2EmailImportPreference,
+        ImportAction as UpstreamOAuth2ImportAction,
+        ImportPreference as UpstreamOAuth2ImportPreference,
+        SetEmailVerification as UpstreamOAuth2SetEmailVerification, UpstreamOAuth2Config,
    },
 };
 use crate::util::ConfigurationSection;
--- a/crates/config/src/sections/upstream_oauth2.rs
+++ b/crates/config/src/sections/upstream_oauth2.rs
@@ -104,6 +104,34 @@ pub struct ImportPreference {
    pub action: ImportAction,
 }

+/// Should the email address be marked as verified
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default, JsonSchema)]
+#[serde(rename_all = "lowercase")]
+pub enum SetEmailVerification {
+    /// Mark the email address as verified
+    Always,
+
+    /// Don't mark the email address as verified
+    Never,
+
+    /// Mark the email address as verified if the upstream provider says it is
+    /// through the `email_verified` claim
+    #[default]
+    Import,
+}
+
+/// What should be done with the email claim
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default, JsonSchema)]
+pub struct EmailImportPreference {
+    /// How to handle the claim
+    #[serde(default)]
+    pub action: ImportAction,
+
+    /// Should the email address be marked as verified
+    #[serde(default)]
+    pub set_email_verification: SetEmailVerification,
+}
+
 /// How claims should be imported
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default, JsonSchema)]
 pub struct ClaimsImports {
@@ -118,7 +146,7 @@ pub struct ClaimsImports {
    /// Import the email address of the user based on the `email` and
    /// `email_verified` claims
    #[serde(default)]
-    pub email: Option<ImportPreference>,
+    pub email: Option<EmailImportPreference>,
 }

 #[skip_serializing_none]