Merge pull request #3592 from sbwalker/dev

refactor logic related to domain filtering for emails during external login
2023-12-21 15:55:07 -05:00 · 2023-12-21 15:55:07 -05:00 · b0a079dce9
commit b0a079dce9
parent 140535d875 52069f35c5
1 changed files with 24 additions and 12 deletions
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@ -205,6 +205,10 @@ namespace Oqtane.Extensions
                                {
                                    email = item[emailClaimType].ToString().ToLower();
                                }
+                                else
+                                {
+                                    id = ""; // if email is not valid we will assume id is not valid
+                                }
                            }
                        }
                        if (!string.IsNullOrEmpty(id))
@ -290,6 +294,10 @@ namespace Oqtane.Extensions
                {
                    email = context.Principal.FindFirstValue(emailClaimType);
                }
+                else
+                {
+                    id = ""; // if email is not valid we will assume id is not valid
+                }
            }

            // validate user
@ -610,23 +618,27 @@ namespace Oqtane.Extensions

        private static bool EmailValid(string email, string domainfilter)
        {
-            if (!string.IsNullOrEmpty(email) && email.Contains("@") && email.Contains("."))
+            if (!string.IsNullOrEmpty(email))
            {
-                var domains = domainfilter.ToLower().Split(',', StringSplitOptions.RemoveEmptyEntries);
-                foreach (var domain in domains)
+                if (email.Contains("@") && email.Contains("."))
                {
-                    if (domain.StartsWith("!"))
+                    var domains = domainfilter.ToLower().Split(',', StringSplitOptions.RemoveEmptyEntries);
+                    foreach (var domain in domains)
                    {
-                        if (email.ToLower().Contains(domain.Substring(1))) return false;
-                    }
-                    else
-                    {
-                        if (!email.ToLower().Contains(domain)) return false;
+                        if (domain.StartsWith("!"))
+                        {
+                            if (email.ToLower().Contains(domain.Substring(1))) return false;
+                        }
+                        else
+                        {
+                            if (!email.ToLower().Contains(domain)) return false;
+                        }
                    }
+                    return true;
                }
-                return true;
+                return false;
            }            
-            return false;
+            return (string.IsNullOrEmpty(domainfilter)); // email is optional unless domain filter is specified
        }
    }
 }