infer domain from google email address

2024-11-15 18:12:59 +00:00 · 2023-03-29 15:40:50 +02:00 · 2023-03-29 15:40:50 +02:00 · a97991aa83
commit a97991aa83
parent 49ad2d9967
1 changed files with 9 additions and 4 deletions
--- a/acme/challenge.go
+++ b/acme/challenge.go
@ -19,8 +19,8 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"log"
 	"net"
+	"net/mail"
 	"net/url"
 	"os"
 	"os/exec"
@ -388,6 +388,7 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
 		Issuer     string `json:"iss,omitempty"`
 		GivenName  string `json:"given_name,omitempty"`
 		FamilyName string `json:"family_name,omitempty"`
+		Email      string `json:"email,omitempty"`
 	}
 	err = idToken.Claims(&claims)
 	if err != nil {
@ -410,10 +411,14 @@ func wireOIDC01Validate(ctx context.Context, ch *Challenge, db DB, jwk *jose.JSO
 	}

 	if claims.Issuer == "https://accounts.google.com" {
-		var handle = fmt.Sprintf("im:wireapp=%s.%s@wire.com", strings.ToLower(claims.GivenName), strings.ToLower(claims.FamilyName))
+		// for internal demo purpose only
+		email, err := mail.ParseAddress(claims.Email)
+		if err != nil {
+			return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "invalid email address"))
+		}
+		var domain = strings.Split(email.Address, "@")[1]
+		var handle = fmt.Sprintf("im:wireapp=%s.%s@%s", strings.ToLower(claims.GivenName), strings.ToLower(claims.FamilyName), domain)
 		var displayName = claims.Handle
-		log.Printf("handle, actual: '%s', expected: '%s'", handle, challengeValues.Handle)
-		log.Printf("displayName, actual: '%s', expected: '%s'", displayName, challengeValues.Name)
 		if challengeValues.Name != displayName || challengeValues.Handle != handle {
 			return storeError(ctx, db, ch, false, NewError(ErrorRejectedIdentifierType, "OIDC claims don't match"))
 		}