Make the email verification state more configurable on upstream OAuth 2.0 registration

This also marks the email as primary
2025-07-29 22:01:14 +03:00 · 2023-08-31 11:31:06 +02:00
parent 8e5ebcd03f
commit ae3213fe87
8 changed files with 162 additions and 18 deletions
--- a/crates/data-model/src/lib.rs
+++ b/crates/data-model/src/lib.rs
@ -46,9 +46,10 @@ pub use self::{
        AccessToken, AccessTokenState, RefreshToken, RefreshTokenState, TokenFormatError, TokenType,
    },
    upstream_oauth2::{
-        UpstreamOAuthAuthorizationSession, UpstreamOAuthAuthorizationSessionState,
-        UpstreamOAuthLink, UpstreamOAuthProvider, UpstreamOAuthProviderClaimsImports,
-        UpstreamOAuthProviderImportAction, UpstreamOAuthProviderImportPreference,
+        UpsreamOAuthProviderSetEmailVerification, UpstreamOAuthAuthorizationSession,
+        UpstreamOAuthAuthorizationSessionState, UpstreamOAuthLink, UpstreamOAuthProvider,
+        UpstreamOAuthProviderClaimsImports, UpstreamOAuthProviderImportAction,
+        UpstreamOAuthProviderImportPreference,
    },
    users::{
        Authentication, AuthenticationMethod, BrowserSession, Password, User, UserEmail,
--- a/crates/data-model/src/upstream_oauth2/mod.rs
+++ b/crates/data-model/src/upstream_oauth2/mod.rs
@ -21,7 +21,8 @@ pub use self::{
    provider::{
        ClaimsImports as UpstreamOAuthProviderClaimsImports,
        ImportAction as UpstreamOAuthProviderImportAction,
-        ImportPreference as UpstreamOAuthProviderImportPreference, UpstreamOAuthProvider,
+        ImportPreference as UpstreamOAuthProviderImportPreference,
+        SetEmailVerification as UpsreamOAuthProviderSetEmailVerification, UpstreamOAuthProvider,
    },
    session::{UpstreamOAuthAuthorizationSession, UpstreamOAuthAuthorizationSessionState},
 };
--- a/crates/data-model/src/upstream_oauth2/provider.rs
+++ b/crates/data-model/src/upstream_oauth2/provider.rs
@ -31,6 +31,32 @@ pub struct UpstreamOAuthProvider {
    pub claims_imports: ClaimsImports,
 }

+/// Whether to set the email as verified when importing it from the upstream
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default)]
+#[serde(rename_all = "lowercase")]
+pub enum SetEmailVerification {
+    /// Set the email as verified
+    Always,
+
+    /// Never set the email as verified
+    Never,
+
+    /// Set the email as verified if the upstream provider claims it is verified
+    #[default]
+    Import,
+}
+
+impl SetEmailVerification {
+    #[must_use]
+    pub fn should_mark_as_verified(&self, upstream_verified: bool) -> bool {
+        match self {
+            Self::Always => true,
+            Self::Never => false,
+            Self::Import => upstream_verified,
+        }
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default)]
 pub struct ClaimsImports {
    #[serde(default)]
@ -41,6 +67,9 @@ pub struct ClaimsImports {

    #[serde(default)]
    pub email: ImportPreference,
+
+    #[serde(default)]
+    pub verify_email: SetEmailVerification,
 }

 #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, Default)]