Fix documentation
Timshel committed Oct 8, 2024
1 parent 86d2987 commit 6d02ef6
Showing 3 changed files with 5 additions and 5 deletions.
6 changes: 3 additions & 3 deletions SSO.md
Expand Up @@ -68,10 +68,10 @@ TRUNCATE TABLE sso_users;

### On `SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION`

If your provider does not send the verification status of emails you will need to activate this setting.
If your provider does not send the verification status of emails (`email_verified` [claim](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims)) you will need to activate this setting.

If set with `SSO_SIGNUPS_MATCH_EMAIL=true` (the default), then an user can associate with an existing non sso account even if he does not control the email.
This allow an user to gain access to sensitive information but the Master password is still required to read the passwords.
If set with `SSO_SIGNUPS_MATCH_EMAIL=true` (the default), then a user can associate with an existing, non-SSO account, even if they do not control the email address.
This allow a user to gain access to sensitive information but the master password is still required to read the passwords.

As such when using `SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION` it is recommended to disable `SSO_SIGNUPS_MATCH_EMAIL`.
If you need to associate non sso users try to keep both settings activated for the shortest time possible.
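Review bot: The rewritten paragraph still reads "This allow a user to gain access to sensitive information"; since this commit is a documentation fix, change "allow" to "allows" here too. It would also help to name the consequence explicitly, as the config.rs doc comment in this same commit does ("open potential account takeover"), so readers of SSO.md see the same warning as readers of the settings, e.g. "This allows a user to gain access to an existing account's data (a potential account takeover), but the master password is still required to read the passwords." The unchanged last line could likewise use "non-SSO users" to match the hyphenated form adopted in the rewritten sentence.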
2 changes: 1 addition & 1 deletion src/api/identity.rs
Expand Up @@ -194,7 +194,7 @@ async fn _sso_login(
"Login failure ({}), existing SSO user ({}) with same email ({})",
user_infos.identifier, user.uuid, user.email
);
err_silent!("Existing non SSO user with same email")
err_silent!("Existing SSO user with same email")
}
Some((user, sso_user)) => {
let (mut device, new_device) = get_device(&data, conn, &user).await?;
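Review bot: The new message "Existing SSO user with same email" now agrees with the log line directly above it ("existing SSO user ({}) with same email"); the old "non SSO" wording would have pointed an operator at the wrong failure path when diagnosing a refused login. Worth confirming that the sibling branch handling an existing non-SSO user (not shown in this hunk) still carries the "non SSO" wording, so the two error strings remain distinguishable.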
2 changes: 1 addition & 1 deletion src/config.rs
Expand Up @@ -645,7 +645,7 @@ make_config! {
sso_enabled: bool, false, def, false;
/// Only sso login |> Disable Email+Master Password login
sso_only: bool, true, def, false;
/// Allow email associtation |> Associate existing non-sso user based on email
/// Allow email association |> Associate existing non-sso user based on email
sso_signups_match_email: bool, true, def, true;
/// Allow unknown email verification status |> Allowing this with `SSO_SIGNUPS_MATCH_EMAIL=true` open potential account takeover.
sso_allow_unknown_email_verification: bool, false, def, false;
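Review bot: The typo fix on the sso_signups_match_email comment is right, but the next doc comment in the same hunk, "Allowing this with `SSO_SIGNUPS_MATCH_EMAIL=true` open potential account takeover.", has the same kind of grammar slip: "open" should be "opens" (e.g. "Allowing this with `SSO_SIGNUPS_MATCH_EMAIL=true` opens up a potential account takeover."). Since this commit is already fixing documentation text in the `|>` descriptions, correcting it here keeps the setting description consistent with the SSO.md wording.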

0 comments on commit 6d02ef6