Skip to content

fix(profile): fall back to authenticated email claims on /profile#279

Merged
mpaulosky merged 5 commits into
devfrom
squad/278-fix-profile-email-fallback
May 10, 2026
Merged

fix(profile): fall back to authenticated email claims on /profile#279
mpaulosky merged 5 commits into
devfrom
squad/278-fix-profile-email-fallback

Conversation

@mpaulosky

Copy link
Copy Markdown
Owner

Summary

Fix the profile email display when the authenticated principal exposes a legitimate email through alternate claim forms, and keep the Auth0 management client compatible with both current and legacy configuration keys.

Working as Sam (Backend / .NET). Ralph coordinated final delivery.

What changed

  • src/Web/Program.cs
    • Requests the email scope alongside openid profile so Auth0 can issue the direct email claim when available.
  • src/Web/Features/UserManagement/Profile.razor
    • Preserves direct email claim handling and falls back to alternate legitimate authenticated email claim forms before rendering the profile card.
  • tests/Architecture.Tests/ProfileEmailAuthContractTests.cs
    • Locks in the explicit email scope requirement in Program.cs.
  • tests/Web.Tests.Bunit/Features/ProfileTests.cs
    • Adds regressions for both direct email claims and fallback shapes such as preferred_username.
  • src/Web/Features/UserManagement/UserManagementHandler.cs
    • Resolves Auth0 Management API settings from both Auth0Management:* and legacy Auth0:ManagementApi* keys, treats whitespace as missing, and preserves explicit configuration and HTTP failure behavior.

Validation

  • Focused tests
    • tests/Architecture.Tests/Architecture.Tests.csproj --filter ProfileEmailAuthContractTests: 1 passed
    • tests/Web.Tests.Bunit/Web.Tests.Bunit.csproj --filter ProfileTests: 7 passed
    • tests/Web.Tests/Web.Tests.csproj --filter UserManagementHandlerTests: 16 passed
  • Full suite
    • tests/Web.Tests/Web.Tests.csproj: 148 passed, 0 failed
  • AppHost runtime verification
    • Started src/AppHost/AppHost.csproj
    • Authenticated via /test/login?role=Admin
    • Confirmed /profile renders test@example.com in the live app
  • Real Auth0 verification
    • Prior branch validation also included a real Auth0 check to confirm the profile email renders for a genuine authenticated principal

Closes #278

Boromir and others added 2 commits May 10, 2026 01:27
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 10, 2026 08:33
@github-actions

Copy link
Copy Markdown
Contributor

🏗️ PR Added to Squad Triage Queue

This PR has been labeled with squad and added to the triage queue.

Next steps:

  • The squad Lead will review and assign to an appropriate team member
  • A squad:member label will be added after triage

If you know which squad member should handle this, you can add the appropriate squad:member label yourself.

@github-actions github-actions Bot added the squad Squad triage inbox — Lead will assign to a member label May 10, 2026
@github-actions

github-actions Bot commented May 10, 2026

Copy link
Copy Markdown
Contributor

Test Results Summary

341 tests  +10   340 ✅ +10   19s ⏱️ ±0s
  6 suites ± 0     1 💤 ± 0 
  6 files   ± 0     0 ❌ ± 0 

Results for commit 318ae7a. ± Comparison against base commit 5b1828f.

This pull request removes 16 and adds 26 tests. Note that renamed tests count towards both.
Unit.Handlers.UserManagementHandlerTests ‑ Handle AssignRole ClientIdMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle AssignRole ClientSecretMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle AssignRole DomainMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle AssignRole TokenEndpointFails ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle GetAvailableRoles ClientIdMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle GetAvailableRoles ClientSecretMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle GetAvailableRoles DomainMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle GetAvailableRoles TokenEndpointFails ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle GetUsersWithRoles ClientIdMissing ReturnsFailResult
Unit.Handlers.UserManagementHandlerTests ‑ Handle GetUsersWithRoles ClientSecretMissing ReturnsFailResult
…
MyBlog.Architecture.Tests.ProfileEmailAuthContractTests ‑ ProgramShouldRequestEmailScopeForAuth0WebLogin
Web.Features.ProfileTests ‑ ProfileIgnoresNonStringEntriesInJsonEmailsClaimAndUsesFirstStringEmail
Web.Features.ProfileTests ‑ ProfileUsesNamespacedEmailClaimTailWhenDirectEmailClaimsAreMissing
Web.Features.ProfileTests ‑ ProfileUsesOpenIdEmailClaimWhenFrameworkMappedEmailClaimIsMissing
Web.Features.ProfileTests ‑ ProfileUsesPreferredUsernameAsEmailFallbackWhenDirectEmailClaimsAreMissing
Web.Handlers.UserManagementHandlerTests ‑ HandleAssignRoleClientIdMissingReturnsFailResult
Web.Handlers.UserManagementHandlerTests ‑ HandleAssignRoleClientSecretMissingReturnsFailResult
Web.Handlers.UserManagementHandlerTests ‑ HandleAssignRoleDomainMissingReturnsFailResult
Web.Handlers.UserManagementHandlerTests ‑ HandleAssignRoleTokenEndpointFailsReturnsFailResult
Web.Handlers.UserManagementHandlerTests ‑ HandleGetAvailableRolesBlankOrMissingAccessTokenReturnsExplicitFailure(tokenResponseJson: "{\"access_token\":\"   \"}")
…

♻️ This comment has been updated with latest results.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes /profile email rendering by expanding claim fallbacks (beyond the framework-mapped email claim), explicitly requesting the Auth0 email scope, and making the Auth0 Management API configuration resolution compatible with both new and legacy config keys.

Changes:

  • Request openid profile email scopes for Auth0 web login to improve availability of direct email claims.
  • Update Profile.razor to derive an email address from multiple legitimate claim shapes (including preferred_username and email-typed claim tails).
  • Add tests that lock in the email scope requirement and cover direct + fallback email-claim shapes; update Auth0 Management settings resolution to support legacy keys.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/Web/Program.cs Adds explicit email scope to Auth0 web auth configuration.
src/Web/Features/UserManagement/Profile.razor Adds robust email-claim fallback logic (including parsing multi-value claims).
src/Web/Features/UserManagement/UserManagementHandler.cs Reads Auth0 Management settings from both new and legacy configuration keys; adds optional audience support.
tests/Architecture.Tests/ProfileEmailAuthContractTests.cs Adds contract test asserting email scope is requested in Program.cs.
tests/Web.Tests.Bunit/Features/ProfileTests.cs Adds bUnit regressions for direct email claim and preferred_username fallback.

Comment thread src/Web/Features/UserManagement/Profile.razor
Comment thread src/Web/Features/UserManagement/UserManagementHandler.cs Outdated
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@codecov

codecov Bot commented May 10, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 60.24845% with 64 lines in your changes missing coverage. Please review.
✅ Project coverage is 86.14%. Comparing base (5b1828f) to head (318ae7a).
⚠️ Report is 1 commits behind head on dev.

Files with missing lines Patch % Lines
...b/Features/UserManagement/UserManagementHandler.cs 50.00% 43 Missing and 8 partials ⚠️
src/Web/Features/UserManagement/Profile.razor 77.96% 6 Missing and 7 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##              dev     #279      +/-   ##
==========================================
- Coverage   86.57%   86.14%   -0.44%     
==========================================
  Files          44       44              
  Lines        1043     1097      +54     
  Branches      116      132      +16     
==========================================
+ Hits          903      945      +42     
- Misses         96      100       +4     
- Partials       44       52       +8     
Files with missing lines Coverage Δ
src/Web/Features/UserManagement/Profile.razor 81.81% <77.96%> (-6.34%) ⬇️
...b/Features/UserManagement/UserManagementHandler.cs 51.42% <50.00%> (+5.59%) ⬆️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@mpaulosky

Copy link
Copy Markdown
Owner Author

✅ Aragorn lead gate: merge-ready.

  • CI is green on commit 318ae7a.
  • Gimli's handler-test follow-up now uses the public Handle(...) surface only.
  • Both Copilot review findings are already addressed in the current PR diff and their threads are resolved.
  • Codecov reports project coverage delta -0.16%, which is below the 1% escalation threshold for this gate.

No further blockers from lead review. Safe to squash-merge.

@mpaulosky
mpaulosky merged commit 7c1fea2 into dev May 10, 2026
16 checks passed
@mpaulosky
mpaulosky deleted the squad/278-fix-profile-email-fallback branch May 10, 2026 18:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

squad Squad triage inbox — Lead will assign to a member

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Sprint 19] fix profile email fallback for alternate legitimate claim forms

2 participants