From 72e5fd9c9adde5cfeda7e2dee8d2edf4f57e2599 Mon Sep 17 00:00:00 2001
From: Gauthier Roebroeck
Date: Fri, 27 Jan 2023 16:20:49 +0800
Subject: [PATCH] fix: NPE when email_verified claim is missing in OIDC request
Closes: #1054
---
 ERRORCODES.md | 2 ++
 komga-webui/src/locales/en.json | 4 +++-
 .../security/oauth2/KomgaOAuth2UserServiceConfiguration.kt | 4 +++-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ERRORCODES.md b/ERRORCODES.md
index 03f74d5ad..f998c71c0 100644
--- a/ERRORCODES.md
+++ b/ERRORCODES.md
@@ -30,3 +30,5 @@ ERR_1023 | Book already present in ReadingList
 ERR_1024 | OAuth2 login error: no email attribute
 ERR_1025 | OAuth2 login error: no local user exist with that email
 ERR_1026 | OpenIDConnect login error: email not verified
+ERR_1027 | OpenIDConnect login error: no email_verified attribute
+ERR_1028 | OpenIDConnect login error: no email attribute
diff --git a/komga-webui/src/locales/en.json b/komga-webui/src/locales/en.json
index 4fa396986..31f0c4f06 100644
--- a/komga-webui/src/locales/en.json
+++ b/komga-webui/src/locales/en.json
@@ -655,7 +655,9 @@
 "ERR_1023": "Book already present in ReadingList",
 "ERR_1024": "OAuth2 login error: no email attribute",
 "ERR_1025": "OAuth2 login error: no local user exist with that email",
- "ERR_1026": "OpenID Connect login error: email not verified"
+ "ERR_1026": "OpenID Connect login error: email not verified",
+ "ERR_1027": "OpenID Connect login error: no email_verified attribute",
+ "ERR_1028": "OpenID Connect login error: no email attribute"
 },
 "filter": {
 "age_rating": "age rating",
diff --git a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
index 7f1126cdf..93a218bd8 100644
--- a/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
+++ b/komga/src/main/kotlin/org/gotson/komga/infrastructure/security/oauth2/KomgaOAuth2UserServiceConfiguration.kt
@@ -56,7 +56,9 @@ class KomgaOAuth2UserServiceConfiguration(
 return OAuth2UserService { userRequest: OidcUserRequest ->
 val oidcUser = delegate.loadUser(userRequest)
- if (!oidcUser.emailVerified) throw OAuth2AuthenticationException("ERR_1026")
+ if (oidcUser.email == null) throw OAuth2AuthenticationException("ERR_1028")
+ if (oidcUser.emailVerified == null) throw OAuth2AuthenticationException("ERR_1027")
+ if (oidcUser.emailVerified == false) throw OAuth2AuthenticationException("ERR_1026")
 val existingUser = userRepository.findByEmailIgnoreCaseOrNull(oidcUser.email)
 ?: tryCreateNewUser(oidcUser.email)
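Review bot: The new `oidcUser.email == null` guard still lets an empty or blank `email` claim through to `findByEmailIgnoreCaseOrNull` and, on a miss, to `tryCreateNewUser`; `if (oidcUser.email.isNullOrBlank()) throw OAuth2AuthenticationException("ERR_1028")` would close that. The two `emailVerified` checks fail closed, which is the right default because the email claim is what selects or creates the local account, and that reasoning deserves a comment such as `// email is the local account key: accept it only when the IdP asserts email_verified=true`. A consequence to document for operators is that a provider which never sends `email_verified` is now refused with ERR_1027 on every login. The lambda body continues past the end of the hunk, so how `existingUser` is used afterwards is not visible here.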