From 041d55b6056ca19b919a9f0700afbd91c650f684 Mon Sep 17 00:00:00 2001
From: Thomas Trompette
Date: Fri, 25 Jul 2025 11:10:38 +0200
Subject: [PATCH] Fix to gmail / ms auth (#13429)
Use user principal for MS + add verif true for google
---
 .../auth/strategies/google.auth.strategy.ts | 19 +++++++++++++++++--
 .../strategies/microsoft.auth.strategy.ts | 12 +++++-------
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts
index e5b4ba528..b4aa715fe 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/google.auth.strategy.ts
@@ -5,8 +5,12 @@ import { Request } from 'express';
 import { Strategy, VerifyCallback } from 'passport-google-oauth20';
 import { APP_LOCALES } from 'twenty-shared/translations';
-import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
+import {
+ AuthException,
+ AuthExceptionCode,
+} from 'src/engine/core-modules/auth/auth.exception';
 import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type';
+import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
 export type GoogleRequest = Omit<
 Request,
@@ -68,8 +72,19 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
 ? JSON.parse(request.query.state)
 : undefined;
+ const firstVerifiedEmail = emails.find(
+ (email: { verified: boolean }) => email?.verified === true,
+ )?.value;
+
+ if (!firstVerifiedEmail) {
+ throw new AuthException(
+ 'No verified email found',
+ AuthExceptionCode.EMAIL_NOT_VERIFIED,
+ );
+ }
+
 const user: GoogleRequest['user'] = {
- email: emails[0].value,
+ email: firstVerifiedEmail,
 firstName: name.givenName,
 lastName: name.familyName,
 picture: photos?.[0]?.value,
diff --git a/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts b/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts
index 3561d91f5..54f1e49c2 100644
--- a/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts
+++ b/packages/twenty-server/src/engine/core-modules/auth/strategies/microsoft.auth.strategy.ts
@@ -9,8 +9,8 @@ import {
 AuthException,
 AuthExceptionCode,
 } from 'src/engine/core-modules/auth/auth.exception';
-import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
 import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type';
+import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
 export type MicrosoftRequest = Omit<
 Request,
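Review bot: The added lookup `emails.find(` still dereferences `emails` without a guard, so a Google profile that arrives without an `emails` array would fail with a TypeError instead of the `EMAIL_NOT_VERIFIED` AuthException thrown a few lines later; `const firstVerifiedEmail = emails?.find(` routes that case through the same error path. The callback annotation `{ verified: boolean }` also omits the `value` field that is read from the result, so `(email: { value: string; verified: boolean })` would describe what the code actually depends on. A short comment above the lookup, such as `// Only a provider-verified address may be used as the account e-mail`, would record why `emails[0]` was dropped. The enclosing method starts and ends outside this hunk.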
@@ -67,24 +67,22 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy, 'microsoft') {
 profile: any,
 done: VerifyCallback,
 ): Promise {
- const { name, emails, photos } = profile;
+ const { name, userPrincipalName, photos } = profile;
 const state =
 typeof request.query.state === 'string'
 ? JSON.parse(request.query.state)
 : undefined;
- const email = emails?.[0]?.value ?? null;
-
- if (!email) {
+ if (!userPrincipalName) {
 throw new AuthException(
- 'Email not found',
+ 'User principal name not found',
 AuthExceptionCode.INVALID_INPUT,
 );
 }
 const user: MicrosoftRequest['user'] = {
- email,
+ email: userPrincipalName,
 firstName: name.givenName,
 lastName: name.familyName,
 picture: photos?.[0]?.value,
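Review bot: The guard `if (!userPrincipalName)` checks only that the value exists, but the next statement stores it as `email`, and a userPrincipalName is a directory sign-in name rather than a confirmed mailbox address; guest accounts, for instance, usually carry an `#EXT#` form that is not the user's real address. If `email` is what downstream code uses to match or create accounts (not visible in this hunk), the Microsoft path has no counterpart to the `verified === true` check that the same commit adds for Google. The choice deserves a comment above the guard, e.g. `// UPN is tenant-assigned; profile.emails may hold an unverified address — confirm UPN is e-mail-shaped before use`, together with an explicit decision to reject or normalise values that are not e-mail-shaped. A UPN can also be changed by a tenant administrator, so linking accounts on the profile's stable id would be more robust than linking on this string. The method body starts and ends outside the hunk.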