From e57a0e65ad78ee5ddfe3eb05431d180fb6da2695 Mon Sep 17 00:00:00 2001
From: alexcampos
Date: Fri, 9 May 2025 14:48:08 +0100
Subject: [PATCH] Fix email domain up domain case sensitive comparison
---
 lib/omniauth/microsoft_graph/domain_verifier.rb | 2 +-
 spec/omniauth/microsoft_graph/domain_verifier_spec.rb | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/omniauth/microsoft_graph/domain_verifier.rb b/lib/omniauth/microsoft_graph/domain_verifier.rb
index 4401a5e..a34b373 100644
--- a/lib/omniauth/microsoft_graph/domain_verifier.rb
+++ b/lib/omniauth/microsoft_graph/domain_verifier.rb
@@ -37,7 +37,7 @@ def verify!
 # This means while it's not suitable for consistently identifying a user
 # (the domain might change), it is suitable for verifying membership in
 # a given domain.
- return true if email_domain == upn_domain ||
+ return true if email_domain.casecmp?(upn_domain) ||
 skip_verification == true ||
 (skip_verification.is_a?(Array) && skip_verification.include?(email_domain)) ||
 domain_verified_jwt_claim
diff --git a/spec/omniauth/microsoft_graph/domain_verifier_spec.rb b/spec/omniauth/microsoft_graph/domain_verifier_spec.rb
index 777695b..a958b9b 100644
--- a/spec/omniauth/microsoft_graph/domain_verifier_spec.rb
+++ b/spec/omniauth/microsoft_graph/domain_verifier_spec.rb
@@ -28,6 +28,13 @@
 it { is_expected.to be_truthy }
 end
+ context 'when email domain and userPrincipalName domain match but have different casing' do
+ let(:email) { 'foo@example.com' }
+ let(:upn) { 'bar@EXAMPLE.COM' }
+
+ it { is_expected.to be_truthy }
+ end
+
 context 'when domain validation is disabled' do
 let(:options) { super().merge(skip_domain_verification: true) }
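Review bot: `casecmp?` in the first operand of this condition is not a drop-in case-insensitive `==`. It applies Unicode case folding, so some non-ASCII characters compare equal to ASCII letters, and it raises NoMethodError when `email_domain` is nil, where `==` just returned false against a string. DNS names are case-insensitive over ASCII only, so for a check that grants domain membership the ASCII-only `casecmp` is the tighter fit, e.g. `return true if (email_domain && upn_domain && email_domain.casecmp(upn_domain) == 0) ||`. Whether either value can be nil is not visible here: both are assigned outside the hunk, and `verify!` starts and ends outside it. This form also stops two missing domains from counting as a match, which the old `==` allowed.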
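Review bot: The new context pins only the email-versus-UPN comparison; the allowlist branch `skip_verification.include?(email_domain)` in `verify!` is still an exact, case-sensitive match, and nothing in this hunk covers it. A sibling context using `let(:options) { super().merge(skip_domain_verification: ['EXAMPLE.COM']) }` with a lower-case email domain and a different UPN domain would state which outcome is intended there. A further context with no `email` value would show how the new `casecmp?` call behaves when the receiver is missing.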