fix(oidc): ignore unknown language tag in userinfo unmarshal (#505)

* fix(oidc): ignore unknown language tag in userinfo unmarshal Open system reported an issue where a generic OpenID provider might return language tags like "gb". These tags are well-formed but unknown and Go returns an error for it. We already ignored unknown tags is ui_locale arrays lik in AuthRequest. This change ignores singular unknown tags, like used in the userinfo `locale` claim. * do not set nil to Locale field
2023-12-22 11:25:58 +02:00 · 2023-12-22 11:25:58 +02:00 · dce79a73fb
commit dce79a73fb
parent 6a8e144e8d
2 changed files with 53 additions and 11 deletions
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -3,6 +3,7 @@ package oidc
 import (
 	"database/sql/driver"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"reflect"
 	"strings"
@ -76,8 +77,23 @@ func (l *Locale) MarshalJSON() ([]byte, error) {
 	return json.Marshal(tag)
 }

+// UnmarshalJSON implements json.Unmarshaler.
+// When [language.ValueError] is encountered, the containing tag will be set
+// to an empty value (language "und") and no error will be returned.
+// This state can be checked with the `l.Tag().IsRoot()` method.
 func (l *Locale) UnmarshalJSON(data []byte) error {
-	return json.Unmarshal(data, &l.tag)
+	err := json.Unmarshal(data, &l.tag)
+	if err == nil {
+		return nil
+	}
+
+	// catch "well-formed but unknown" errors
+	var target language.ValueError
+	if errors.As(err, &target) {
+		l.tag = language.Tag{}
+		return nil
+	}
+	return err
 }

 type Locales []language.Tag
--- a/pkg/oidc/types_test.go
+++ b/pkg/oidc/types_test.go
@ -208,20 +208,46 @@ func TestLocale_MarshalJSON(t *testing.T) {
 }

 func TestLocale_UnmarshalJSON(t *testing.T) {
-	type a struct {
+	type dst struct {
 		Locale *Locale `json:"locale,omitempty"`
 	}
-	want := a{
-		Locale: NewLocale(language.Afrikaans),
+	tests := []struct {
+		name    string
+		input   string
+		want    dst
+		wantErr bool
+	}{
+		{
+			name:  "afrikaans, ok",
+			input: `{"locale": "af"}`,
+			want: dst{
+				Locale: NewLocale(language.Afrikaans),
+			},
+		},
+		{
+			name:  "gb, ignored",
+			input: `{"locale": "gb"}`,
+			want: dst{
+				Locale: &Locale{},
+			},
+		},
+		{
+			name:    "bad form, error",
+			input:   `{"locale": "g!!!!!"}`,
+			wantErr: true,
+		},
 	}

-	const input = `{"locale": "af"}`
-	var got a
-
-	require.NoError(t,
-		json.Unmarshal([]byte(input), &got),
-	)
-	assert.Equal(t, want, got)
+	for _, tt := range tests {
+		var got dst
+		err := json.Unmarshal([]byte(tt.input), &got)
+		if tt.wantErr {
+			require.Error(t, err)
+			return
+		}
+		require.NoError(t, err)
+		assert.Equal(t, tt.want, got)
+	}
 }

 func TestParseLocales(t *testing.T) {