diff --git a/.changeset/six-poems-press.md b/.changeset/six-poems-press.md new file mode 100644 index 0000000000..e08586a881 --- /dev/null +++ b/.changeset/six-poems-press.md @@ -0,0 +1,5 @@ +--- +'@backstage/plugin-auth-node': patch +--- + +[emailMatchingUserEntityProfileEmail resolver]: Try also matching emails with plus addressing removed. diff --git a/plugins/auth-node/src/sign-in/commonSignInResolvers.ts b/plugins/auth-node/src/sign-in/commonSignInResolvers.ts index 5b5da07c73..dafb110ccc 100644 --- a/plugins/auth-node/src/sign-in/commonSignInResolvers.ts +++ b/plugins/auth-node/src/sign-in/commonSignInResolvers.ts @@ -16,6 +16,11 @@ import { createSignInResolverFactory } from './createSignInResolverFactory'; +// This splits an email "joe+work@acme.com" into ["joe", "+work", "@acme.com"] +// so that we can remove the plus addressing. May output a shorter array: +// ["joe", "@acme.com"], if no plus addressing was found. +const reEmail = /([^@+]+)(\+[^@]+)?(@.*)/; + /** * A collection of common sign-in resolvers that work with any auth provider. * @@ -38,11 +43,28 @@ export namespace commonSignInResolvers { ); } - return ctx.signInWithCatalogUser({ - filter: { - 'spec.profile.email': profile.email, - }, - }); + try { + return await ctx.signInWithCatalogUser({ + filter: { + 'spec.profile.email': profile.email, + }, + }); + } catch (err) { + // Try removing the plus addressing from the email address + const m = profile.email.match(reEmail); + if (m?.length === 4) { + const [_, name, _plus, domain] = m; + const noPlusEmail = `${name}${domain}`; + + return ctx.signInWithCatalogUser({ + filter: { + 'spec.profile.email': noPlusEmail, + }, + }); + } + // Email had no plus addressing or is missing in the catalog, forward failure + throw err; + } }; }, });