From dcc35118850891d2f30a9b9a885cdcf47c2bea88 Mon Sep 17 00:00:00 2001
From: Timshel
Date: Thu, 12 Jun 2025 15:54:17 +0200
Subject: [PATCH] Check email_verified in id_token and user_info
---
 src/sso.rs | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/sso.rs b/src/sso.rs
index 935f2c8f..012beeac 100644
--- a/src/sso.rs
+++ b/src/sso.rs
@@ -462,14 +462,11 @@ pub async fn exchange_code(wrapped_code: &str, conn: &mut DbConn) -> ApiResult email.to_string(),
- None => match user_info.email() {
- None => err!("Neither id token nor userinfo contained an email"),
- Some(email) => email.to_owned().to_string(),
- },
- }
- .to_lowercase();
+ let email = match id_claims.email().or(user_info.email()) {
+ None => err!("Neither id token nor userinfo contained an email"),
+ Some(e) => e.to_string().to_lowercase(),
+ };
+ let email_verified = id_claims.email_verified().or(user_info.email_verified());
 let user_name = user_info.preferred_username().map(|un| un.to_string());
@@ -486,7 +483,7 @@ pub async fn exchange_code(wrapped_code: &str, conn: &mut DbConn) -> ApiResult ApiResult
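Review bot: In the first hunk, `email` and `email_verified` are each resolved with their own `.or(...)` fallback, so the flag can come from a different document than the address it is supposed to describe. If the id token carries an email without `email_verified` and the userinfo response carries a different email with `email_verified = true`, the id-token address would be treated as verified. Since this value presumably gates account matching on the address (its use is outside the visible lines, and `exchange_code` continues past the hunk), the flag should be taken from the same source as the email. If the userinfo flag must remain a fallback for an id-token email, accept it only when both emails compare equal after lowercasing. A short comment stating that `email_verified` must refer to the selected `email` would also help the next reader.

```rust
// … unchanged: id_claims / user_info retrieval …
let (email, email_verified) = match (id_claims.email(), user_info.email()) {
    // Keep the flag paired with the claim set that supplied the address.
    (Some(e), _) => (e.to_string().to_lowercase(), id_claims.email_verified()),
    (None, Some(e)) => (e.to_string().to_lowercase(), user_info.email_verified()),
    (None, None) => err!("Neither id token nor userinfo contained an email"),
};
```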