Remove fake email scope value

motoki317 · motoki317 · commit 82fe73251d82 · 2024-05-08T12:47:58.000+09:00
diff --git a/docs/v3-api.yaml b/docs/v3-api.yaml
@@ -5289,12 +5289,6 @@ components:
           description: 更新日時
         traq:
           $ref: '#/components/schemas/OIDCTraqUserInfo'
-        email:
-          type: string
-          description: メールアドレス (フェイク値)
-        email_verified:
-          type: boolean
-          description: メールアドレスの確認が取れているか (フェイク値)
       required:
         - sub
     OIDCTraqUserInfo:
diff --git a/migration/current.go b/migration/current.go
@@ -45,7 +45,7 @@ func Migrations() []*gormigrate.Migration {
 		v32(), // ユーザーの表示名上限を32文字に
 		v33(), // 未読テーブルにチャンネルIDカラムを追加 / インデックス類の更新 / 不要なレコードの削除
 		v34(), // 未読テーブルのcreated_atカラムをメッセージテーブルを元に更新 / カラム名を変更
-		v35(), // OIDC実装のため、openid, profile, emailロール、get_oidc_userinfo権限を追加
+		v35(), // OIDC実装のため、openid, profileロール、get_oidc_userinfo権限を追加
 	}
 }
 
diff --git a/migration/v35.go b/migration/v35.go
@@ -5,7 +5,7 @@ import (
 	"gorm.io/gorm"
 )
 
-// v35  OIDC実装のため、openid, profile, emailロール、get_oidc_userinfo権限を追加
+// v35  OIDC実装のため、openid, profileロール、get_oidc_userinfo権限を追加
 func v35() *gormigrate.Migration {
 	return &gormigrate.Migration{
 		ID: "35",
@@ -28,17 +28,6 @@ func v35() *gormigrate.Migration {
 						},
 					},
 				},
-				{
-					Name:        "email",
-					Oauth2Scope: true,
-					System:      true,
-					Permissions: []v35RolePermission{
-						{
-							Role:       "profile",
-							Permission: "get_oidc_userinfo",
-						},
-					},
-				},
 			}
 			for _, role := range roles {
 				err := db.Create(&role).Error
diff --git a/model/oauth2.go b/model/oauth2.go
@@ -31,7 +31,7 @@ type AccessScopes map[AccessScope]struct{}
 
 // SupportedAccessScopes 対応するスコープ一覧を返します
 func SupportedAccessScopes() []string {
-	return []string{"read", "write", "manage_bot", "openid", "profile", "email"}
+	return []string{"read", "write", "manage_bot", "openid", "profile"}
 }
 
 // Value database/sql/driver.Valuer 実装
diff --git a/router/oauth2/token_endpoint.go b/router/oauth2/token_endpoint.go
@@ -59,7 +59,7 @@ func (h *Handler) issueIDToken(client *model.OAuth2Client, token *model.OAuth2To
 		"exp": token.Deadline().Unix(),
 		"iat": token.CreatedAt.Unix(),
 	}
-	// Extra claims according to scopes (profile, email)
+	// Extra claims according to scopes (profile)
 	userInfo, err := h.OIDC.GetUserInfo(userID, token.Scopes)
 	if err != nil {
 		return "", err
diff --git a/service/oidc/userinfo.go b/service/oidc/userinfo.go
@@ -71,10 +71,6 @@ func (s *Service) GetUserInfo(userID uuid.UUID, scopes ScopeChecker) (map[string
 			"home_channel": user.GetHomeChannel(),
 		}
 	}
-	if scopes.Contains("email") {
-		claims["email"] = user.GetName() + "@example.com"
-		claims["email_verified"] = false
-	}
 
 	return claims, nil
 }
diff --git a/service/rbac/role/email.go b/service/rbac/role/email.go
diff --git a/service/rbac/role/role.go b/service/rbac/role/role.go
@@ -48,11 +48,6 @@ func GetSystemRoles() Roles {
 			oauth2Scope: true,
 			permissions: permission.PermissionsFromArray(profilePerms),
 		},
-		Email: &systemRole{
-			name:        Email,
-			oauth2Scope: true,
-			permissions: permission.PermissionsFromArray(emailPerms),
-		},
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ func Migrations() []*gormigrate.Migration {`
`45`	`45`	`v32(), // ユーザーの表示名上限を32文字に`
`46`	`46`	`v33(), // 未読テーブルにチャンネルIDカラムを追加 / インデックス類の更新 / 不要なレコードの削除`
`47`	`47`	`v34(), // 未読テーブルのcreated_atカラムをメッセージテーブルを元に更新 / カラム名を変更`
`48`		`- v35(), // OIDC実装のため、openid, profile, emailロール、get_oidc_userinfo権限を追加`
	`48`	`+ v35(), // OIDC実装のため、openid, profileロール、get_oidc_userinfo権限を追加`
`49`	`49`	`}`
`50`	`50`	`}`
`51`	`51`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ type AccessScopes map[AccessScope]struct{}`
`31`	`31`
`32`	`32`	`// SupportedAccessScopes 対応するスコープ一覧を返します`
`33`	`33`	`func SupportedAccessScopes() []string {`
`34`		`- return []string{"read", "write", "manage_bot", "openid", "profile", "email"}`
	`34`	`+ return []string{"read", "write", "manage_bot", "openid", "profile"}`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`// Value database/sql/driver.Valuer 実装`
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ func (h Handler) issueIDToken(client model.OAuth2Client, token *model.OAuth2To`
`59`	`59`	`"exp": token.Deadline().Unix(),`
`60`	`60`	`"iat": token.CreatedAt.Unix(),`
`61`	`61`	`}`
`62`		`- // Extra claims according to scopes (profile, email)`
	`62`	`+ // Extra claims according to scopes (profile)`
`63`	`63`	`userInfo, err := h.OIDC.GetUserInfo(userID, token.Scopes)`
`64`	`64`	`if err != nil {`
`65`	`65`	`return "", err`
Original file line number	Diff line number	Diff line change
`@@ -71,10 +71,6 @@ func (s *Service) GetUserInfo(userID uuid.UUID, scopes ScopeChecker) (map[string`
`71`	`71`	`"home_channel": user.GetHomeChannel(),`
`72`	`72`	`}`
`73`	`73`	`}`
`74`		`- if scopes.Contains("email") {`
`75`		`- claims["email"] = user.GetName() + "@example.com"`
`76`		`- claims["email_verified"] = false`
`77`		`- }`
`78`	`74`
`79`	`75`	`return claims, nil`
`80`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,11 +48,6 @@ func GetSystemRoles() Roles {`
`48`	`48`	`oauth2Scope: true,`
`49`	`49`	`permissions: permission.PermissionsFromArray(profilePerms),`
`50`	`50`	`},`
`51`		`- Email: &systemRole{`
`52`		`- name: Email,`
`53`		`- oauth2Scope: true,`
`54`		`- permissions: permission.PermissionsFromArray(emailPerms),`
`55`		`- },`
`56`	`51`	`}`
`57`	`52`	`}`
`58`	`53`