feat(oidc): allow email prefix as username fallback

2025-06-01 01:15:56 +02:00 · 2025-05-18 16:03:08 +03:00 · 2025-05-18 16:03:08 +03:00 · 101b998b21
commit 101b998b21
parent 1605e2a7a9
3 changed files with 33 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,8 @@
 # CHANGELOG

 ## Next
+- OIDC: Fallback to using email prefix as username if is EmailVerified when
+  preferred_username is missing

 ### BREAKING

--- a/hscontrol/types/users.go
+++ b/hscontrol/types/users.go
@ -273,7 +273,7 @@ func CleanIdentifier(identifier string) string {
 				cleanParts = append(cleanParts, part)
 			}
 		}
-		
+
 		if len(cleanParts) == 0 {
 			u.Path = ""
 		} else {
@ -319,6 +319,14 @@ func (u *User) FromClaim(claims *OIDCClaims) {
 		u.Name = claims.Username
 	} else {
 		log.Debug().Err(err).Msgf("Username %s is not valid", claims.Username)
+
+		if claims.Email != "" && claims.EmailVerified {
+			emailParts := strings.Split(claims.Email, "@")
+			if len(emailParts) > 0 && emailParts[0] != "" {
+				u.Name = emailParts[0]
+				log.Debug().Msgf("Using email prefix %s as name", u.Name)
+			}
+		}
 	}

 	if claims.EmailVerified {
--- a/hscontrol/types/users_test.go
+++ b/hscontrol/types/users_test.go
@ -307,6 +307,7 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 			want: User{
 				Provider: util.RegisterMethodOIDC,
 				Email:    "test@test.no",
+				Name:     "test", // Expect email prefix to be used as fallback name
 				ProviderIdentifier: sql.NullString{
 					String: "/test",
 					Valid:  true,
@ -325,6 +326,7 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 			want: User{
 				Provider: util.RegisterMethodOIDC,
 				Email:    "test2@test.no",
+				Name:     "test2", // Expect email prefix to be used as fallback name
 				ProviderIdentifier: sql.NullString{
 					String: "/test2",
 					Valid:  true,
@ -446,6 +448,26 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 				ProfilePicURL: "https://cdn.casbin.org/img/casbin.svg",
 			},
 		},
+		{
+			name: "empty-username-use-email-prefix",
+			jsonstr: `
+{
+  "sub": "123456789",
+  "email": "johndoe@example.com",
+  "email_verified": true,
+  "iss": "https://auth.example.com"
+}
+			`,
+			want: User{
+				Provider: util.RegisterMethodOIDC,
+				Email:    "johndoe@example.com",
+				Name:     "johndoe", // Should use email prefix
+				ProviderIdentifier: sql.NullString{
+					String: "https://auth.example.com/123456789",
+					Valid:  true,
+				},
+			},
+		},
 	}

 	for _, tt := range tests {