From fbe024094442d2d48ecbd70a731a88ae827968dc Mon Sep 17 00:00:00 2001
From: Andrej Shadura <andrew.shadura@collabora.co.uk>
Date: Mon, 22 Nov 2021 16:18:18 +0100
Subject: [PATCH] Repeat SSO user lookup by emails in username/nickname fields

When logging in with e.g. OpenID Connect/Azure, two email addresses
may be provided, one in "email" field and another in "username" or
"nickname". Since this is exactly the opposite of what the separate
Azure backend does, migration from Azure to OpenID Connect/Azure
needs to try both emails which may be different.

Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
---
 src/api/app/models/user.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/api/app/models/user.rb b/src/api/app/models/user.rb
index 1156e291a7..af8d053a73 100644
--- a/src/api/app/models/user.rb
+++ b/src/api/app/models/user.rb
@@ -233,6 +233,17 @@ class User < ApplicationRecord
 
         return user
       end
+
+      username = auth['username'] || auth['nickname']
+      if username.include? '@'
+        user = find_by_email(username)
+
+        if user
+          user.mark_login!
+
+          return user
+        end
+      end
     end
   end
 
-- 
GitLab