Fix to gmail / ms auth (#13429)

Use the user principal name for Microsoft and require a verified email (verified === true) for Google
Thomas Trompette
2025-07-25 11:10:38 +02:00
committed by GitHub
parent 3fc795f450
commit 041d55b605
2 changed files with 22 additions and 9 deletions


@ -5,8 +5,12 @@ import { Request } from 'express';
import { Strategy, VerifyCallback } from 'passport-google-oauth20'; import { Strategy, VerifyCallback } from 'passport-google-oauth20';
import { APP_LOCALES } from 'twenty-shared/translations'; import { APP_LOCALES } from 'twenty-shared/translations';
import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service'; import {
AuthException,
AuthExceptionCode,
} from 'src/engine/core-modules/auth/auth.exception';
import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type'; import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type';
import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
export type GoogleRequest = Omit< export type GoogleRequest = Omit<
Request, Request,
@ -68,8 +72,19 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
? JSON.parse(request.query.state) ? JSON.parse(request.query.state)
: undefined; : undefined;
const firstVerifiedEmail = emails.find(
(email: { verified: boolean }) => email?.verified === true,
)?.value;
if (!firstVerifiedEmail) {
throw new AuthException(
'No verified email found',
AuthExceptionCode.EMAIL_NOT_VERIFIED,
);
}
const user: GoogleRequest['user'] = { const user: GoogleRequest['user'] = {
email: emails[0].value, email: firstVerifiedEmail,
firstName: name.givenName, firstName: name.givenName,
lastName: name.familyName, lastName: name.familyName,
picture: photos?.[0]?.value, picture: photos?.[0]?.value,
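Review bot: `emails.find(...)` is called without a guard, so a Google profile that arrives with no `emails` array fails with a TypeError instead of the `AuthException` / `EMAIL_NOT_VERIFIED` rejection this check is meant to produce; `const firstVerifiedEmail = emails?.find(...)?.value;` would send that case down the same path. A one-line comment above the check would record why `emails[0].value` was replaced, for example `// Only an address Google reports as verified may be used to match or create an account`. The enclosing method starts and ends outside this hunk, so how `emails` is destructured and how the thrown exception reaches the `done` callback cannot be confirmed from here.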


@ -9,8 +9,8 @@ import {
AuthException, AuthException,
AuthExceptionCode, AuthExceptionCode,
} from 'src/engine/core-modules/auth/auth.exception'; } from 'src/engine/core-modules/auth/auth.exception';
import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type'; import { SocialSSOSignInUpActionType } from 'src/engine/core-modules/auth/types/signInUp.type';
import { TwentyConfigService } from 'src/engine/core-modules/twenty-config/twenty-config.service';
export type MicrosoftRequest = Omit< export type MicrosoftRequest = Omit<
Request, Request,
@ -67,24 +67,22 @@ export class MicrosoftStrategy extends PassportStrategy(Strategy, 'microsoft') {
profile: any, profile: any,
done: VerifyCallback, done: VerifyCallback,
): Promise<void> { ): Promise<void> {
const { name, emails, photos } = profile; const { name, userPrincipalName, photos } = profile;
const state = const state =
typeof request.query.state === 'string' typeof request.query.state === 'string'
? JSON.parse(request.query.state) ? JSON.parse(request.query.state)
: undefined; : undefined;
const email = emails?.[0]?.value ?? null; if (!userPrincipalName) {
if (!email) {
throw new AuthException( throw new AuthException(
'Email not found', 'User principal name not found',
AuthExceptionCode.INVALID_INPUT, AuthExceptionCode.INVALID_INPUT,
); );
} }
const user: MicrosoftRequest['user'] = { const user: MicrosoftRequest['user'] = {
email, email: userPrincipalName,
firstName: name.givenName, firstName: name.givenName,
lastName: name.familyName, lastName: name.familyName,
picture: photos?.[0]?.value, picture: photos?.[0]?.value,
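Review bot: The new guard `if (!userPrincipalName)` only tests truthiness on a field taken from `profile: any`, so a truthy non-string value would be stored as `user.email`; `if (typeof userPrincipalName !== 'string' || userPrincipalName.length === 0)` keeps the same rejection and pins the type. The move away from `emails` deserves a comment at the destructuring line, for example `// userPrincipalName is used instead of emails[] because the directory mail attribute is not a verified address`, if that is the motivation (the commit message does not say). A UPN is a sign-in name rather than a mailbox: guest accounts usually carry a `#EXT#` form and a UPN can be renamed, so it is worth confirming that code which mails or matches on `user.email` tolerates that, and considering the immutable object id together with the tenant id as the account key if the profile exposes them. The enclosing method starts and ends outside this hunk.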