FEATURE: Add site setting to override user email address during login

2019-03-26 20:38:46 +00:00 · 2019-03-26 20:38:46 +00:00 · 722fe23b4e
parent 4ccc4d1d5a
commit 722fe23b4e
4 changed files with 26 additions and 0 deletions
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@ -14,6 +14,7 @@ en:
    oauth2_json_email_path: "Path in the OAuth2 User JSON to the user's email: user.email.primary"
    oauth2_json_avatar_path: "Path in the Oauth2 User JSON to the user's avatar: user.avatar_url"
    oauth2_email_verified: "Check this if the OAuth2 site has verified the email"
+    oauth2_overrides_email: "Override the Discourse email with the remote email on every login"
    oauth2_send_auth_header: "Send the token as an HTTP Authorization header"
    oauth2_debug_auth: "Include rich debugging information in your logs"
    oauth2_authorize_options: "When authorizing request these options"
--- a/config/settings.yml
+++ b/config/settings.yml
@ -25,6 +25,7 @@ login:
  oauth2_json_email_path: ''
  oauth2_json_avatar_path: ''
  oauth2_email_verified: false
+  oauth2_overrides_email: false
  oauth2_send_auth_header: true
  oauth2_debug_auth: false
  oauth2_authorize_options:
--- a/plugin.rb
+++ b/plugin.rb
@ -124,6 +124,7 @@ class OAuth2BasicAuthenticator < ::Auth::OAuth2Authenticator
    current_info = ::PluginStore.get("oauth2_basic", "oauth2_basic_user_#{user_details[:user_id]}")
    if current_info
      result.user = User.where(id: current_info[:user_id]).first
+      result.user&.update!(email: result.email) if SiteSetting.oauth2_overrides_email && result.email
    elsif SiteSetting.oauth2_email_verified?
      result.user = User.find_by_email(result.email)
      if result.user && user_details[:user_id]
--- a/spec/plugin_spec.rb
+++ b/spec/plugin_spec.rb
@ -46,6 +46,29 @@ describe OAuth2BasicAuthenticator do
      expect(result.user).to eq(user)
    end

+    it 'updated user email if enabled' do
+      authenticator.stubs(:fetch_user_details).returns(email: user.email, user_id: 'id')
+
+      # Create association
+      result = authenticator.after_authenticate(auth)
+      expect(result.user).to eq(user)
+
+      # Change user email on remote system
+      old_email = user.email
+      authenticator.stubs(:fetch_user_details).returns(email: "newemail@example.com", user_id: 'id')
+
+      # Login again - no change
+      result = authenticator.after_authenticate(auth)
+      expect(result.user).to eq(user)
+      expect(result.user.email).to eq(old_email)
+
+      # Enable site setting
+      SiteSetting.oauth2_overrides_email = true
+      result = authenticator.after_authenticate(auth)
+      expect(result.user).to eq(user)
+      expect(result.user.email).to eq("newemail@example.com")
+    end
+
    context 'avatar downloading' do
      before { SiteSetting.queue_jobs = true }