From 2b6397b6cb1b72436ec7c4492c199729a9226d97 Mon Sep 17 00:00:00 2001
From: Natalie Tay <natalie.tay@gmail.com>
Date: Fri, 1 Dec 2023 01:19:11 +0800
Subject: [PATCH] DEV: Case insensitive check on email_verified field (#70)

---
 lib/openid_connect_authenticator.rb           | 3 ++-
 spec/lib/openid_connect_authenticator_spec.rb | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/openid_connect_authenticator.rb b/lib/openid_connect_authenticator.rb
index 3b1a408..9496ca3 100644
--- a/lib/openid_connect_authenticator.rb
+++ b/lib/openid_connect_authenticator.rb
@@ -24,7 +24,8 @@ class OpenIDConnectAuthenticator < Auth::ManagedAuthenticator
       true
     else
       # Many providers violate the spec, and send this as a string rather than a boolean
-      supplied_verified_boolean == true || supplied_verified_boolean == "true"
+      supplied_verified_boolean == true ||
+        (supplied_verified_boolean.is_a?(String) && supplied_verified_boolean.downcase == "true")
     end
   end
 
diff --git a/spec/lib/openid_connect_authenticator_spec.rb b/spec/lib/openid_connect_authenticator_spec.rb
index ebae2ea..495326f 100644
--- a/spec/lib/openid_connect_authenticator_spec.rb
+++ b/spec/lib/openid_connect_authenticator_spec.rb
@@ -45,6 +45,12 @@ describe OpenIDConnectAuthenticator do
       result = authenticator.after_authenticate(hash)
       expect(result.user).to eq(user)
     end
+
+    it "matches the user as a titlecase true string" do
+      hash[:extra][:raw_info][:email_verified] = "True"
+      result = authenticator.after_authenticate(hash)
+      expect(result.user).to eq(user)
+    end
   end
 
   context "when email_verified is false" do