Add Email claim (#18580)

Author: Kahbazi

src/Identity/Extensions.Core/ref/Microsoft.Extensions.Identity.Core.netcoreapp.cs

@@ -15,6 +15,7 @@ public AuthenticatorTokenProvider() { }
     public partial class ClaimsIdentityOptions
     {
         public ClaimsIdentityOptions() { }
+        public string EmailClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
         public string RoleClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
         public string SecurityStampClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
         public string UserIdClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }

src/Identity/Extensions.Core/ref/Microsoft.Extensions.Identity.Core.netstandard2.0.cs

@@ -15,6 +15,7 @@ public AuthenticatorTokenProvider() { }
     public partial class ClaimsIdentityOptions
     {
         public ClaimsIdentityOptions() { }
+        public string EmailClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
         public string RoleClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
         public string SecurityStampClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
         public string UserIdClaimType { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }

src/Identity/Extensions.Core/src/ClaimsIdentityOptions.cs

@@ -25,9 +25,14 @@ public class ClaimsIdentityOptions
         /// </summary>
         public string UserIdClaimType { get; set; } = ClaimTypes.NameIdentifier;
 
+        /// <summary>
+        /// Gets or sets the ClaimType used for the user email claim. Defaults to <see cref="ClaimTypes.Email"/>.
+        /// </summary>
+        public string EmailClaimType { get; set; } = ClaimTypes.Email;
+
         /// <summary>
         /// Gets or sets the ClaimType used for the security stamp claim. Defaults to "AspNet.Identity.SecurityStamp".
         /// </summary>
         public string SecurityStampClaimType { get; set; } = "AspNet.Identity.SecurityStamp";
     }
-}
+}

src/Identity/Extensions.Core/src/UserClaimsPrincipalFactory.cs

@@ -81,6 +81,14 @@ protected virtual async Task<ClaimsIdentity> GenerateClaimsAsync(TUser user)
                 Options.ClaimsIdentity.RoleClaimType);
             id.AddClaim(new Claim(Options.ClaimsIdentity.UserIdClaimType, userId));
             id.AddClaim(new Claim(Options.ClaimsIdentity.UserNameClaimType, userName));
+            if (UserManager.SupportsUserEmail)
+            {
+                var email = await UserManager.GetEmailAsync(user);
+                if (!string.IsNullOrEmpty(email))
+                {
+                    id.AddClaim(new Claim(Options.ClaimsIdentity.EmailClaimType, email));
+                }
+            }
             if (UserManager.SupportsUserSecurityStamp)
             {
                 id.AddClaim(new Claim(Options.ClaimsIdentity.SecurityStampClaimType,
@@ -154,4 +162,4 @@ protected override async Task<ClaimsIdentity> GenerateClaimsAsync(TUser user)
             return id;
         }
     }
-}
+}

src/Identity/test/Identity.Test/UserClaimsPrincipalFactoryTest.cs

@@ -30,22 +30,33 @@ await Assert.ThrowsAsync<ArgumentNullException>("user",
         }
 
         [Theory]
-        [InlineData(false, false, false)]
-        [InlineData(false, true, false)]
-        [InlineData(true, false, false)]
-        [InlineData(true, true, false)]
-        [InlineData(true, false, true)]
-        [InlineData(true, true, true)]
-        public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool supportClaims, bool supportRoleClaims)
+        [InlineData(true, false, false, false)]
+        [InlineData(true, true, false, false)]
+        [InlineData(true, false, true, false)]
+        [InlineData(true, true, true, false)]
+        [InlineData(false, false, false, true)]
+        [InlineData(false, true, false, true)]
+        [InlineData(false, false, false, false)]
+        [InlineData(false, true, false, false)]
+        [InlineData(true, false, false, true)]
+        [InlineData(true, true, false, true)]
+        [InlineData(true, false, true, true)]
+        [InlineData(true, true, true, true)]
+        public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool supportClaims, bool supportRoleClaims, bool supportsUserEmail)
         {
             // Setup
             var userManager = MockHelpers.MockUserManager<PocoUser>();
             var roleManager = MockHelpers.MockRoleManager<PocoRole>();
-            var user = new PocoUser { UserName = "Foo" };
+            var user = new PocoUser { UserName = "Foo", Email = "foo@bar.com" };
             userManager.Setup(m => m.SupportsUserClaim).Returns(supportClaims);
             userManager.Setup(m => m.SupportsUserRole).Returns(supportRoles);
+            userManager.Setup(m => m.SupportsUserEmail).Returns(supportsUserEmail);
             userManager.Setup(m => m.GetUserIdAsync(user)).ReturnsAsync(user.Id);
             userManager.Setup(m => m.GetUserNameAsync(user)).ReturnsAsync(user.UserName);
+            if (supportsUserEmail)
+            {
+                userManager.Setup(m => m.GetEmailAsync(user)).ReturnsAsync(user.Email);
+            }
             var roleClaims = new[] { "Admin", "Local" };
             if (supportRoles)
             {
@@ -90,6 +101,7 @@ public async Task EnsureClaimsIdentityHasExpectedClaims(bool supportRoles, bool
             Assert.Contains(
                 claims, c => c.Type == manager.Options.ClaimsIdentity.UserNameClaimType && c.Value == user.UserName);
             Assert.Contains(claims, c => c.Type == manager.Options.ClaimsIdentity.UserIdClaimType && c.Value == user.Id);
+            Assert.Equal(supportsUserEmail, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.EmailClaimType && c.Value == user.Email));
             Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Admin"));
             Assert.Equal(supportRoles, claims.Any(c => c.Type == manager.Options.ClaimsIdentity.RoleClaimType && c.Value == "Local"));
             foreach (var cl in userClaims)