cloudfoundry
fix: generate email if it is the empty string on external login
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/187543759
The labels on this github issue will be updated when the story is started.
Without the change, the test case will throw an exception:
java.lang.IllegalArgumentException: Email is required
at org.springframework.util.Assert.hasText(Assert.java:289)
at org.cloudfoundry.identity.uaa.user.UaaUser.
Because UaaUser has Assert.hasText(prototype.getEmail(), "Email is required") which is inconsistent with the null check in ExternalLoginAuthenticationManager.
Also, what is the issue in real life? When logging in with an external IDP, the email value we get from the IDP would be an empty string & the user will fail to log in due to "Email is required" error? Why would the IDP has an empty string as the email (instead of just not having it)? Is the real issue here the operator didn't set up the attributeMappings config correctly for UAA API?
Also, what is the issue in real life? When logging in with an external IDP, the email value we get from the IDP would be an empty string & the user will fail to log in due to "Email is required" error? Why would the IDP has an empty string as the email (instead of just not having it)? Is the real issue here the operator didn't set up the
attributeMappingsconfig correctly for UAA API?
The issue is that it's treated inconsistently. A null email will result in one being generated. An empty string will throw an exception that email is required. In reality an attributeMapping for email is not required, that why we can generate one. So we should be consistent about how we do that.