SQSERVICES-377 fix email verification when external id is updated via SCIM#2374
Merged
battermann merged 3 commits intodevelopfrom May 18, 2022
Conversation
battermann
changed the title
battermann
force-pushed
the
SQSERVICES-377-changing-external-id-via-scim-doesnt-update-email
branch
from
0658702 to
2d2b7c7
Compare
battermann
force-pushed
the
SQSERVICES-377-changing-external-id-via-scim-doesnt-update-email
branch
from
c5f75de to
29f70c8
Compare
| deriving (Eq, Show) | ||
|
|
||
| -- | Note that a 'SAML.UserRef' may contain an email. Even though it is possible to construct a 'ValidExternalId' from such a 'UserRef' with 'UrefOnly', | ||
| -- this does not represent a valid 'ValidExternalId'. So in case of a 'UrefOnly', we can assume that the 'UserRef' does not contain an email. |
Contributor
There was a problem hiding this comment.
Is there as smart constructor that enforces this somewhere? It doesn't seem like an assumption that is likely to "bite" us in the future, but it also shouldn't be expensive to have the code check to ensure we aren't recording a UNameIDEmail in a URefOnly (losslessly up-converting to using EmailAndUref instead).
Contributor
There was a problem hiding this comment.
I would aim for a tag at the NameID type instead that guarantees the existence of an email address at the type level. A smart constructor for UserRef would work, too, but my hunch is that it'll leave more room for error.
Not sure we'll have the time for either, though. If you want to try touching saml2-web-sso knock yourself out! :)
battermann
deleted the
SQSERVICES-377-changing-external-id-via-scim-doesnt-update-email
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://wearezeta.atlassian.net/browse/SQSERVICES-377
Checklist
changelog.d.