From 891267cee80cc39021a27a02febfa7c96582a9db Mon Sep 17 00:00:00 2001
From: Samuel Imfeld
Date: Tue, 26 Mar 2024 20:58:55 +0100
Subject: [PATCH 1/2] Document trusted oauth providers

---
 api/src/Entity/Profile.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/api/src/Entity/Profile.php b/api/src/Entity/Profile.php
index 44d6d69e54..c6650f29a3 100644
--- a/api/src/Entity/Profile.php
+++ b/api/src/Entity/Profile.php
@@ -91,6 +91,14 @@ class Profile extends BaseEntity {
 #[ORM\Column(type: 'string', length: 255, nullable: true)]
 public ?string $untrustedEmailKeyHash = null;

+ // ========================= start trusted Oauth provider ids =========================
+ // Note: as of https://github.com/ecamp/ecamp3/pull/4779 we are assuming that email
+ // addresses received from Oauth providers are trusted in the sense that email ownership has
+ // previously been verified by the corresponding service. When adding more providers, either
+ // - validate this assumption for the new provider, or
+ // - remove the logic setting the user state to active for existing non-activated user profiles
+ // in the new authenticator implementation (api/src/Security/OAuth/*Authenticator.php)
+
 /**
 * Google id of the user.
 */
@@ -119,6 +127,8 @@ class Profile extends BaseEntity {
 #[ORM\Column(type: 'string', length: 255, nullable: true)]
 public ?string $jubladbId = null;

+ // ========================= end trusted Oauth provider ids =========================
+
 /**
 * The user's (optional) first name.
 */
From 23c0a8d2be3a829b2443aa0f4153c8c8ddca5d69 Mon Sep 17 00:00:00 2001
From: Samuel Imfeld
Date: Tue, 26 Mar 2024 20:31:14 +0000
Subject: [PATCH 2/2] Fix trailing space

---
 api/src/Entity/Profile.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/src/Entity/Profile.php b/api/src/Entity/Profile.php
index c6650f29a3..536f67adba 100644
--- a/api/src/Entity/Profile.php
+++ b/api/src/Entity/Profile.php
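Review bot: The comment block added in the `@@ -91,6 +91,14 @@` hunk of patch 1/2 records a security assumption (provider-supplied email addresses are already ownership-verified) in the entity, while the logic that depends on it, activating existing non-activated profiles, lives in `api/src/Security/OAuth/*Authenticator.php`, so someone adding a provider there may never read it. The `start trusted Oauth provider ids` / `end trusted Oauth provider ids` banners (the second is added in the `@@ -119,6 +127,8 @@` hunk) also call the ids trusted, when what is actually relied on is the provider's email verification. I would reword the banner to something like `// ===== start ids of OAuth providers whose email addresses are treated as verified =====` and repeat a one-line pointer to this note beside the activation code in each authenticator. Those authenticator files are outside this diff, so whether they check a provider-side verification flag before activating a profile cannot be told from here. The Profile class body starts and ends outside both hunks.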
@@ -91,7 +91,7 @@ class Profile extends BaseEntity {
 #[ORM\Column(type: 'string', length: 255, nullable: true)]
 public ?string $untrustedEmailKeyHash = null;

- // ========================= start trusted Oauth provider ids =========================
+ // ========================= start trusted Oauth provider ids =========================
 // Note: as of https://github.com/ecamp/ecamp3/pull/4779 we are assuming that email
 // addresses received from Oauth providers are trusted in the sense that email ownership has
 // previously been verified by the corresponding service. When adding more providers, either
@@ -127,7 +127,7 @@ class Profile extends BaseEntity {
 #[ORM\Column(type: 'string', length: 255, nullable: true)]
 public ?string $jubladbId = null;

- // ========================= end trusted Oauth provider ids =========================
+ // ========================= end trusted Oauth provider ids =========================

 /**
 * The user's (optional) first name.