From 4c3e3aace31c14d6a53c88efe556f5dd9d2f47a8 Mon Sep 17 00:00:00 2001
From: Eamon Dysinger
Date: Fri, 20 Dec 2024 11:25:43 -0800
Subject: [PATCH] previously a blank email claim would still evaluate to an email claim coming back; added regex check to verify that email claim value is valid
---
 server/routes/login.get.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/server/routes/login.get.ts b/server/routes/login.get.ts
index 3b2b99f..e89f258 100644
--- a/server/routes/login.get.ts
+++ b/server/routes/login.get.ts
@@ -52,7 +52,8 @@ function getEmail(tokenResponse: AuthenticationResult): string {
 email = tokenResponse.account.username;
 } else if (
 "email" in tokenResponse.idTokenClaims &&
- typeof tokenResponse.idTokenClaims.email === "string"
+ typeof tokenResponse.idTokenClaims.email === "string" &&
+ emailRegex.test(tokenResponse.idTokenClaims.email)
 ) {
 email = tokenResponse.idTokenClaims.email;
 } else if ("emails" in tokenResponse.idTokenClaims) {
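Review bot: The added `emailRegex.test(tokenResponse.idTokenClaims.email)` is only as strong as `emailRegex`, which is defined outside this hunk: if the pattern is not anchored with `^…$`, a claim that merely contains an address-shaped substring passes, and if it carries the `g` or `y` flag, `test()` keeps `lastIndex` between calls, so a shared regex can reject a valid claim on alternating requests. I would put a comment at its definition, `// must be anchored and must not use g/y: RegExp.test() is stateful with those flags`. A format match also says nothing about whether the identity provider verified the address, so if the value returned by getEmail keys an account or an authorization decision, a stable claim such as `oid` or `sub` is presumably the safer identifier. The `account.username` branch at the top of the hunk and the `emails` branch at the bottom do not get the same check here; getEmail starts and ends outside the hunk, so confirm whether a blank or malformed value can still come back through them.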