fix: allow unverified email

fhswf · Jan 23, 2025 · dfddaef · dfddaef
1 parent a6e5152
commit dfddaef
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/generator/default_values.yaml b/generator/default_values.yaml
@@ -578,6 +578,8 @@ deploykf_core:
       ##
       enableSignInPage: false
 
+      insecureAllowUnverifiedEmail: true
+
       ## oauth2-proxy cookie configs
       ##
       cookie:

diff --git a/...templates/manifests/deploykf-core/deploykf-auth/templates/oauth2-proxy/Secret-config.yaml b/...templates/manifests/deploykf-core/deploykf-auth/templates/oauth2-proxy/Secret-config.yaml
@@ -107,6 +107,13 @@ skip_provider_button = false
 skip_provider_button = true
 {{- end }}
 
+
+{{- if .Values.oauth2Proxy.insecureAllowUnverifiedEmail }}
+insecure_oidc_allow_unverified_email = true
+{{- else }}
+insecure_oidc_allow_unverified_email = false
+{{- end }}
+
 ## oauth2-proxy sends "force" by default, which causes dex to always prompt for login
 ## https://github.com/dexidp/dex/pull/3086
 prompt = "none"

diff --git a/generator/templates/manifests/deploykf-core/deploykf-auth/values.yaml b/generator/templates/manifests/deploykf-core/deploykf-auth/values.yaml
@@ -177,6 +177,8 @@ oauth2Proxy:
   ## NOTE: this prevents background requests being redirected and accumulating CSRF cookies
   enableSignInPage: {{< .Values.deploykf_core.deploykf_auth.oauth2Proxy.enableSignInPage | conv.ToBool >}}
 
+  insecureAllowUnverifiedEmail: {{< .Values.deploykf_core.deploykf_auth.oauth2Proxy.insecureAllowUnverifiedEmail | conv.ToBool >}}
+
   ## OpenID configs for oauth2-proxy
   ##
   oidc:
-Original file line number
+Diff line change
@@ Expand Up / @@ -578,6 +578,8 @@ deploykf_core: @@
           ##
           enableSignInPage: false
+          insecureAllowUnverifiedEmail: true
           ## oauth2-proxy cookie configs
           ##
           cookie:
@@ Expand Down @@