vikunja/pkg/modules
kolaente f04b5a43f9 fix(auth): don't link OIDC login to an arbitrary local user when the email claim is empty
The email-only fallback built &user.User{Issuer: IssuerLocal, Email: cl.Email}.
GetUserWithEmail ANDs only non-zero fields, so an empty cl.Email degenerated the
lookup to issuer-only, matching an arbitrary local user and wrongly linking the
OIDC login to that account (account-takeover / wrong-link).

Guard the email-only branch to only run when cl.Email != "" so an empty email
falls through to user creation (nothing to safely match on). As defense in depth,
skip empty username candidates too, so no fallback search can ever degenerate to
issuer-only ({Issuer, Username:"", Email:""}).

This is a latent pre-existing issue (the pre-#2945 code had the same
searchUser.Email = cl.Email with no empty guard); the #2945 refactor only
surfaced it. Adds a regression test.
2026-06-19 20:35:22 +02:00
auth fix(auth): don't link OIDC login to an arbitrary local user when the email claim is empty 2026-06-19 20:35:22 +02:00
avatar fix(api/v2): reject non-decodable images (e.g. SVG) on avatar upload with 400 2026-06-02 11:55:25 +00:00
background refactor(background): extract download + unsplash-proxy logic for reuse 2026-06-17 11:31:50 +00:00
dump chore(lint): suppress known gosec false positives 2026-03-23 16:23:15 +01:00
humaecho5 feat: vendor humaecho adapter for echo/v5 2026-05-31 12:56:57 +00:00
keyvalue fix(keyvalue): treat undecodable cached values as a cache miss 2026-05-30 13:48:01 +00:00
migration refactor(migration): extract file/CSV migrate orchestration into shared funcs 2026-06-12 08:51:19 +00:00