chore(core): Enforce email format for user entity, remove unused user validators (#18534)

2025-12-17 01:56:46 +00:00 · 2025-08-21 14:41:32 +02:00
parent 9ab150961d
commit 04e24e387d
14 changed files with 391 additions and 30 deletions
--- a/packages/cli/test/integration/saml/saml.api.test.ts
+++ b/packages/cli/test/integration/saml/saml.api.test.ts
@@ -2,8 +2,11 @@ import { randomEmail, randomName, randomValidPassword } from '@n8n/backend-test-
 import { GlobalConfig } from '@n8n/config';
 import type { User } from '@n8n/db';
 import { Container } from '@n8n/di';
+import type express from 'express';

+import { BadRequestError } from '@/errors/response-errors/bad-request.error';
 import { setSamlLoginEnabled } from '@/sso.ee/saml/saml-helpers';
+import { SamlService } from '@/sso.ee/saml/saml.service.ee';
 import {
 	getCurrentAuthenticationMethod,
 	setCurrentAuthenticationMethod,
@@ -283,3 +286,86 @@ describe('Check endpoint permissions', () => {
 		});
 	});
 });
+
+describe('SAML email validation', () => {
+	let samlService: SamlService;
+
+	beforeAll(async () => {
+		samlService = Container.get(SamlService);
+	});
+
+	describe('handleSamlLogin', () => {
+		test('should throw BadRequestError for invalid email format', async () => {
+			// Mock getAttributesFromLoginResponse to return invalid email
+			jest.spyOn(samlService, 'getAttributesFromLoginResponse').mockResolvedValue({
+				email: 'invalid-email-format',
+				firstName: 'John',
+				lastName: 'Doe',
+				userPrincipalName: 'john.doe',
+			});
+
+			const mockRequest = {} as express.Request;
+
+			await expect(samlService.handleSamlLogin(mockRequest, 'post')).rejects.toThrow(
+				new BadRequestError('Invalid email format'),
+			);
+		});
+
+		test.each([['not-an-email'], ['@missinglocal.com'], ['missing@.com'], ['spaces in@email.com']])(
+			'should throw BadRequestError for invalid email <%s>',
+			async (invalidEmail) => {
+				jest.spyOn(samlService, 'getAttributesFromLoginResponse').mockResolvedValue({
+					email: invalidEmail,
+					firstName: 'John',
+					lastName: 'Doe',
+					userPrincipalName: 'john.doe',
+				});
+
+				const mockRequest = {} as express.Request;
+
+				await expect(samlService.handleSamlLogin(mockRequest, 'post')).rejects.toThrow(
+					new BadRequestError('Invalid email format'),
+				);
+			},
+		);
+
+		test.each([
+			['user@example.com'],
+			['test.email@domain.org'],
+			['user+tag@example.com'],
+			['user123@test-domain.com'],
+		])('should handle valid email <%s> successfully', async (validEmail) => {
+			const mockRequest = {} as express.Request;
+
+			jest.spyOn(samlService, 'getAttributesFromLoginResponse').mockResolvedValue({
+				email: validEmail,
+				firstName: 'John',
+				lastName: 'Doe',
+				userPrincipalName: 'john.doe',
+			});
+
+			// Should not throw an error for valid emails
+			const result = await samlService.handleSamlLogin(mockRequest, 'post');
+			expect(result).toBeDefined();
+			expect(result.attributes.email).toBe(validEmail);
+		});
+
+		test('should convert email to lowercase before validation', async () => {
+			const upperCaseEmail = 'USER@EXAMPLE.COM';
+
+			jest.spyOn(samlService, 'getAttributesFromLoginResponse').mockResolvedValue({
+				email: upperCaseEmail,
+				firstName: 'John',
+				lastName: 'Doe',
+				userPrincipalName: 'john.doe',
+			});
+
+			const mockRequest = {} as express.Request;
+
+			// Should not throw an error as the email is valid when converted to lowercase
+			const result = await samlService.handleSamlLogin(mockRequest, 'post');
+			expect(result).toBeDefined();
+			expect(result.attributes.email).toBe(upperCaseEmail); // Original email should be preserved in attributes
+		});
+	});
+});