fix(oidc): ignore unknown language tag in userinfo unmarshal

Open system reported an issue where a generic OpenID provider might return language tags like "gb". These tags are well-formed but unknown and Go returns an error for it. We already ignored unknown tags is ui_locale arrays lik in AuthRequest. This change ignores singular unknown tags, like used in the userinfo `locale` claim.
2023-12-22 00:34:55 +02:00 · 2023-12-22 00:34:55 +02:00 · bc1fbf5eaa
commit bc1fbf5eaa
parent 6a8e144e8d
3 changed files with 55 additions and 12 deletions
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -3,6 +3,7 @@ package oidc
 import (
 	"database/sql/driver"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"reflect"
 	"strings"
@ -77,7 +78,17 @@ func (l *Locale) MarshalJSON() ([]byte, error) {
 }

 func (l *Locale) UnmarshalJSON(data []byte) error {
-	return json.Unmarshal(data, &l.tag)
+	err := json.Unmarshal(data, &l.tag)
+	if err == nil {
+		return nil
+	}
+
+	// catch "well-formed but unknown" errors
+	var target language.ValueError
+	if errors.As(err, &target) {
+		return nil
+	}
+	return err
 }

 type Locales []language.Tag
--- a/pkg/oidc/types_test.go
+++ b/pkg/oidc/types_test.go
@ -208,20 +208,46 @@ func TestLocale_MarshalJSON(t *testing.T) {
 }

 func TestLocale_UnmarshalJSON(t *testing.T) {
-	type a struct {
+	type dst struct {
 		Locale *Locale `json:"locale,omitempty"`
 	}
-	want := a{
+	tests := []struct {
+		name    string
+		input   string
+		want    dst
+		wantErr bool
+	}{
+		{
+			name:  "afrikaans, ok",
+			input: `{"locale": "af"}`,
+			want: dst{
 				Locale: NewLocale(language.Afrikaans),
+			},
+		},
+		{
+			name:  "gb, ignored",
+			input: `{"locale": "gb"}`,
+			want: dst{
+				Locale: &Locale{},
+			},
+		},
+		{
+			name:    "bad form, error",
+			input:   `{"locale": "g!!!!!"}`,
+			wantErr: true,
+		},
 	}

-	const input = `{"locale": "af"}`
-	var got a
-
-	require.NoError(t,
-		json.Unmarshal([]byte(input), &got),
-	)
-	assert.Equal(t, want, got)
+	for _, tt := range tests {
+		var got dst
+		err := json.Unmarshal([]byte(tt.input), &got)
+		if tt.wantErr {
+			require.Error(t, err)
+			return
+		}
+		require.NoError(t, err)
+		assert.Equal(t, tt.want, got)
+	}
 }

 func TestParseLocales(t *testing.T) {
--- a/pkg/oidc/userinfo.go
+++ b/pkg/oidc/userinfo.go
@ -41,7 +41,13 @@ func (u *UserInfo) MarshalJSON() ([]byte, error) {
 }

 func (u *UserInfo) UnmarshalJSON(data []byte) error {
-	return unmarshalJSONMulti(data, (*uiAlias)(u), &u.Claims)
+	if err := unmarshalJSONMulti(data, (*uiAlias)(u), &u.Claims); err != nil {
+		return err
+	}
+	if u.Locale != nil && u.Locale.tag.IsRoot() {
+		u.Locale = nil
+	}
+	return nil
 }

 type UserInfoProfile struct {