Fix to gmail / ms auth (#13429)

Use user principal for MS + add verif true for google
2025-07-25 11:10:38 +02:00
parent 3fc795f450
commit 041d55b605
2 changed files with 22 additions and 9 deletions
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts
@ -5,8 +5,12 @@ import { Request } from 'express';
 import { Strategy, VerifyCallback } from 'passport-google-oauth20';
 import { APP_LOCALES } from 'twenty-shared/translations';

-import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
+import {
+  AuthException,
+  AuthExceptionCode,
+} from 'src/engine/core-modules/auth/auth.exception';
 import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type';
+import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';

 export type GoogleRequest = Omit<
  Request,
@ -68,8 +72,19 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
        ? JSON.parse(request.query.state)
        : undefined;

+    const firstVerifiedEmail = emails.find(
+      (email: { verified: boolean }) => email?.verified === true,
+    )?.value;
+
+    if (!firstVerifiedEmail) {
+      throw new AuthException(
+        'No verified email found',
+        AuthExceptionCode.EMAIL_NOT_VERIFIED,
+      );
+    }
+
    const user: GoogleRequest['user'] = {
-      email: emails[0].value,
+      email: firstVerifiedEmail,
      firstName: name.givenName,
      lastName: name.familyName,
      picture: photos?.[0]?.value,
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts
@ -9,8 +9,8 @@ import {
  AuthException,
  AuthExceptionCode,
 } from 'src/engine/core-modules/auth/auth.exception';
-import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
 import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type';
+import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';

 export type MicrosoftRequest = Omit<
  Request,
@ -67,24 +67,22 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy, 'microsoft') {
    profile: any,
    done: VerifyCallback,
  ): Promise<void> {
-    const { name, emails, photos } = profile;
+    const { name, userPrincipalName, photos } = profile;

    const state =
      typeof request.query.state === 'string'
        ? JSON.parse(request.query.state)
        : undefined;

-    const email = emails?.[0]?.value ?? null;
-
-    if (!email) {
+    if (!userPrincipalName) {
      throw new AuthException(
-        'Email not found',
+        'User principal name not found',
        AuthExceptionCode.INVALID_INPUT,
      );
    }

    const user: MicrosoftRequest['user'] = {
-      email,
+      email: userPrincipalName,
      firstName: name.givenName,
      lastName: name.familyName,
      picture: photos?.[0]?.value,