fix(autoprovision): make email optional

The mail address is not a required attrbute for our users. So we can auto-provision users without it.

Fixes: #6909

changelog/unreleased/config-autoprovision-claims.md

@@ -0,0 +1,15 @@
+Enhancement: Configurable claims for auto-provisioning user accounts
+
+We introduce the new environment variables
+"PROXY_AUTOPROVISION_CLAIM_USERNAME", "PROXY_AUTOPROVISION_CLAIM_EMAIL", and
+"PROXY_AUTOPROVISION_CLAIM_DISPLAYNAME" which can be used to configure the
+OIDC claims that should be used for auto-provisioning user accounts.
+
+The automatic fallback to use the 'email' claim value as the username when
+the 'preferred_username' claim is not set, has been removed.
+
+Also it is now possible to autoprovision users without an email address.
+
+https://github.com/owncloud/ocis/pull/8952
+https://github.com/owncloud/ocis/issues/8635
+https://github.com/owncloud/ocis/issues/6909

services/proxy/pkg/user/backend/cs3.go

@@ -274,16 +274,15 @@ func (c cs3backend) libregraphUserFromClaims(ctx context.Context, claims map[str
 	} else {
 		return user, fmt.Errorf("Missing claim '%s' (displayName)", c.autoProvisionClaims.DisplayName)
 	}
-	if mail, ok := claims[c.autoProvisionClaims.Email].(string); ok {
-		user.SetMail(mail)
-	} else {
-		return user, fmt.Errorf("Missing claim '%s' (mail)", c.autoProvisionClaims.Email)
-	}
 	if username, ok := claims[c.autoProvisionClaims.Username].(string); ok {
 		user.SetOnPremisesSamAccountName(username)
 	} else {
 		return user, fmt.Errorf("Missing claim '%s' (username)", c.autoProvisionClaims.Username)
 	}
+	// Email is optional so we don't need an 'else' here
+	if mail, ok := claims[c.autoProvisionClaims.Email].(string); ok {
+		user.SetMail(mail)
+	}
 	return user, nil
 }