From 6e55e61a1a3759c218a46aec8bd555c30cdf902b Mon Sep 17 00:00:00 2001
From: Justin Angel <justinangel86@gmail.com>
Date: Sun, 2 Nov 2025 10:26:00 -0500
Subject: [PATCH] test oidc.use_unverified_email

---
 hscontrol/types/users_test.go | 27 +++++++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/hscontrol/types/users_test.go b/hscontrol/types/users_test.go
index f36489a3..86f68501 100644
--- a/hscontrol/types/users_test.go
+++ b/hscontrol/types/users_test.go
@@ -291,9 +291,10 @@ func TestCleanIdentifier(t *testing.T) {
 
 func TestOIDCClaimsJSONToUser(t *testing.T) {
 	tests := []struct {
-		name    string
-		jsonstr string
-		want    User
+		name               string
+		jsonstr            string
+		useUnverifiedEmail bool
+		want               User
 	}{
 		{
 			name: "normal-bool",
@@ -348,6 +349,24 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "use-unverified-email",
+			jsonstr: `
+{
+  "sub": "test-unverified-email",
+  "email": "test-unverified-email@test.no",
+  "email_verified": "false"
+}
+			`,
+			useUnverifiedEmail: true,
+			want: User{
+				Provider: util.RegisterMethodOIDC,
+				ProviderIdentifier: sql.NullString{
+					String: "/test-unverified-email",
+					Valid:  true,
+				},
+			},
+		},
 		{
 			// From https://github.com/juanfont/headscale/issues/2333
 			name: "okta-oidc-claim-20250121",
@@ -458,7 +477,7 @@ func TestOIDCClaimsJSONToUser(t *testing.T) {
 
 			var user User
 
-			user.FromClaim(&got)
+			user.FromClaim(&got, tt.useUnverifiedEmail)
 			if diff := cmp.Diff(user, tt.want); diff != "" {
 				t.Errorf("TestOIDCClaimsJSONToUser() mismatch (-want +got):\n%s", diff)
 			}