Mark option to skip verified email check as insecure

2019-07-11 15:18:36 +01:00 · 2019-07-11 15:18:36 +01:00 · 39b6a42d43
commit 39b6a42d43
parent 018a25be04
1 changed files with 36 additions and 36 deletions
--- a/options.go
+++ b/options.go
@ -81,7 +81,7 @@ type Options struct {
 	// potential overrides.
 	Provider                         string `flag:"provider" cfg:"provider" env:"OAUTH2_PROXY_PROVIDER"`
 	OIDCIssuerURL                    string `flag:"oidc-issuer-url" cfg:"oidc_issuer_url" env:"OAUTH2_PROXY_OIDC_ISSUER_URL"`
-	OIDCAllowUnverifiedEmail bool   `flag:"oidc-allow-unverified-email" cfg:"oidc_allow_unverified_email" env:"OAUTH2_PROXY_OIDC_ALLOW_UNVERIFIED_EMAIL"`
+	InsecureOIDCAllowUnverifiedEmail bool   `flag:"insecure-oidc-allow-unverified-email" cfg:"insecure_oidc_allow_unverified_email" env:"OAUTH2_PROXY_INSECURE_OIDC_ALLOW_UNVERIFIED_EMAIL"`
 	SkipOIDCDiscovery                bool   `flag:"skip-oidc-discovery" cfg:"skip_oidc_discovery" env:"OAUTH2_SKIP_OIDC_DISCOVERY"`
 	OIDCJwksURL                      string `flag:"oidc-jwks-url" cfg:"oidc_jwks_url" env:"OAUTH2_OIDC_JWKS_URL"`
 	LoginURL                         string `flag:"login-url" cfg:"login_url" env:"OAUTH2_PROXY_LOGIN_URL"`
@ -157,7 +157,7 @@ func NewOptions() *Options {
 		SetAuthorization:                 false,
 		PassAuthorization:                false,
 		ApprovalPrompt:                   "force",
-		OIDCAllowUnverifiedEmail: false,
+		InsecureOIDCAllowUnverifiedEmail: false,
 		SkipOIDCDiscovery:                false,
 		LoggingFilename:                  "",
 		LoggingMaxSize:                   100,
@ -399,7 +399,7 @@ func parseProviderInfo(o *Options, msgs []string) []string {
 			}
 		}
 	case *providers.OIDCProvider:
-		p.AllowUnverifiedEmail = o.OIDCAllowUnverifiedEmail
+		p.AllowUnverifiedEmail = o.InsecureOIDCAllowUnverifiedEmail
 		if o.oidcVerifier == nil {
 			msgs = append(msgs, "oidc provider requires an oidc issuer URL")
 		} else {