Skip to content

Commit 035b81f

Browse files
committed
test(auth): lock in unverified for a string verified-email claim
Add a boundary case asserting a string verified_primary_email/ verified_secondary_email equal to the email resolves to unverified — the old string[] cast would have returned true via String.includes.
1 parent ac8b583 commit 035b81f

1 file changed

Lines changed: 5 additions & 0 deletions

File tree

apps/sim/lib/oauth/microsoft.test.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,11 @@ describe('deriveMicrosoftEmailVerified', () => {
6464
)
6565
expect(deriveMicrosoftEmailVerified({ verified_primary_email: null }, EMAIL)).toBe(false)
6666
})
67+
68+
it('does not treat a string claim equal to the email as verified (guards the old unsafe cast)', () => {
69+
expect(deriveMicrosoftEmailVerified({ verified_primary_email: EMAIL }, EMAIL)).toBe(false)
70+
expect(deriveMicrosoftEmailVerified({ verified_secondary_email: EMAIL }, EMAIL)).toBe(false)
71+
})
6772
})
6873

6974
describe('isMicrosoftProvider', () => {

0 commit comments

Comments
 (0)