Simon/linkwarden
1
0
Fork 0
mirror of https://github.com/linkwarden/linkwarden.git synced 2026-06-29 23:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
dev
linkwarden/apps/web/lib/api/ssoEmailVerified.test.ts
daniel31x13 28139f55f6 security: confirm if the email is verified in SSO
2026-06-29 07:26:42 -04:00

38 lines
1.2 KiB
TypeScript
Raw Permalink Blame History

import { describe, expect, it } from "vitest";
import { ssoEmailVerified } from "./ssoEmailVerified";
describe("ssoEmailVerified", () => {
it("accepts a verified boolean claim", () => {
expect(ssoEmailVerified({ email_verified: true })).toBe(true);
});
it("accepts the string 'true' (Cognito / userinfo style)", () => {
expect(ssoEmailVerified({ email_verified: "true" })).toBe(true);
});
it("rejects an explicitly unverified claim (the core attack vector)", () => {
expect(ssoEmailVerified({ email_verified: false })).toBe(false);
});
it("rejects the string 'false'", () => {
expect(ssoEmailVerified({ email_verified: "false" })).toBe(false);
});
it("rejects an absent claim (fail closed)", () => {
expect(ssoEmailVerified({ sub: "123", email: "a@b.com" })).toBe(false);
});
it("rejects a differently-named flag, e.g. Discord's `verified`", () => {
expect(ssoEmailVerified({ verified: true })).toBe(false);
});
it("rejects a non-boolean truthy value such as 1", () => {
expect(ssoEmailVerified({ email_verified: 1 })).toBe(false);
});
it("handles undefined / null profile", () => {
expect(ssoEmailVerified(undefined)).toBe(false);
expect(ssoEmailVerified(null)).toBe(false);
});
});
Reference in New Issue View Git Blame Copy Permalink