fix: NPE when email_verified claim is missing in OIDC request

Closes: #1054

ERRORCODES.md

@@ -30,3 +30,5 @@ ERR_1023 | Book already present in ReadingList
 ERR_1024 | OAuth2 login error: no email attribute
 ERR_1025 | OAuth2 login error: no local user exist with that email
 ERR_1026 | OpenIDConnect login error: email not verified
+ERR_1027 | OpenIDConnect login error: no email_verified attribute
+ERR_1028 | OpenIDConnect login error: no email attribute

komga-webui/src/locales/en.json

@@ -655,7 +655,9 @@
     "ERR_1023": "Book already present in ReadingList",
     "ERR_1024": "OAuth2 login error: no email attribute",
     "ERR_1025": "OAuth2 login error: no local user exist with that email",
-    "ERR_1026": "OpenID Connect login error: email not verified"
+    "ERR_1026": "OpenID Connect login error: email not verified",
+    "ERR_1027": "OpenID Connect login error: no email_verified attribute",
+    "ERR_1028": "OpenID Connect login error: no email attribute"
   },
   "filter": {
     "age_rating": "age rating",

komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt

@@ -56,7 +56,9 @@ class KomgaOAuth2UserServiceConfiguration(
     return OAuth2UserService { userRequest: OidcUserRequest ->
       val oidcUser = delegate.loadUser(userRequest)
 
-      if (!oidcUser.emailVerified) throw OAuth2AuthenticationException("ERR_1026")
+      if (oidcUser.email == null) throw OAuth2AuthenticationException("ERR_1028")
+      if (oidcUser.emailVerified == null) throw OAuth2AuthenticationException("ERR_1027")
+      if (oidcUser.emailVerified == false) throw OAuth2AuthenticationException("ERR_1026")
 
       val existingUser = userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)
         ?: tryCreateNewUser(oidcUser.email)