fix(core): Use lower cased email for SAML email attribute (#6663)

lower case saml email attribute
2025-03-05 20:50:17 -08:00 · 2023-07-13 23:41:52 +02:00 · 2023-07-13 23:41:52 +02:00 · eedde24cc0
parent 0c47be254b
commit eedde24cc0
2 changed files with 4 additions and 2 deletions
--- a/packages/cli/src/sso/saml/saml.service.ee.ts
+++ b/packages/cli/src/sso/saml/saml.service.ee.ts
@ -145,8 +145,9 @@ export class SamlService {
 	}> {
 		const attributes = await this.getAttributesFromLoginResponse(req, binding);
 		if (attributes.email) {
 			const lowerCasedEmail = attributes.email.toLowerCase();
 			const user = await Db.collections.User.findOne({
-				where: { email: attributes.email },
+				where: { email: lowerCasedEmail },
 				relations: ['globalRole', 'authIdentities'],
 			});
 			if (user) {
--- a/packages/cli/src/sso/saml/samlHelpers.ts
+++ b/packages/cli/src/sso/saml/samlHelpers.ts
@ -97,7 +97,8 @@ export function generatePassword(): string {
 export async function createUserFromSamlAttributes(attributes: SamlUserAttributes): Promise<User> {
 	const user = new User();
 	const authIdentity = new AuthIdentity();
-	user.email = attributes.email;
+	const lowerCasedEmail = attributes.email?.toLowerCase() ?? '';
 	user.email = lowerCasedEmail;
 	user.firstName = attributes.firstName;
 	user.lastName = attributes.lastName;
 	user.globalRole = await Container.get(RoleRepository).findGlobalMemberRoleOrFail();