fix(oidc): ignore unknown language tag in userinfo unmarshal (#505)

* fix(oidc): ignore unknown language tag in userinfo unmarshal Open system reported an issue where a generic OpenID provider might return language tags like "gb". These tags are well-formed but unknown and Go returns an error for it. We already ignored unknown tags is ui_locale arrays lik in AuthRequest. This change ignores singular unknown tags, like used in the userinfo `locale` claim. * do not set nil to Locale field
2023-12-22 11:25:58 +02:00 · 2023-12-22 11:25:58 +02:00 · dce79a73fb
commit dce79a73fb
parent 6a8e144e8d
2 changed files with 53 additions and 11 deletions
--- a/pkg/oidc/types.go
+++ b/pkg/oidc/types.go
@ -3,6 +3,7 @@ package oidc
 import (
 	"database/sql/driver"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"reflect"
 	"strings"
@ -76,8 +77,23 @@ func (l *Locale) MarshalJSON() ([]byte, error) {
 	return json.Marshal(tag)
 }

+// UnmarshalJSON implements json.Unmarshaler.
+// When [language.ValueError] is encountered, the containing tag will be set
+// to an empty value (language "und") and no error will be returned.
+// This state can be checked with the `l.Tag().IsRoot()` method.
 func (l *Locale) UnmarshalJSON(data []byte) error {
-	return json.Unmarshal(data, &l.tag)
+	err := json.Unmarshal(data, &l.tag)
+	if err == nil {
+		return nil
+	}
+
+	// catch "well-formed but unknown" errors
+	var target language.ValueError
+	if errors.As(err, &target) {
+		l.tag = language.Tag{}
+		return nil
+	}
+	return err
 }

 type Locales []language.Tag