Skip to content

Commit

Permalink
Changes to Allowed Domains
Browse files Browse the repository at this point in the history
- improved error displays on front end when a user with a not allowed
  domain signs up for both local and external
- added corresponding tests
  • Loading branch information
alihadimazeh committed Dec 19, 2024
1 parent 5c3fb0a commit 35e6238
Show file tree
Hide file tree
Showing 6 changed files with 19 additions and 3 deletions.
2 changes: 1 addition & 1 deletion app/controllers/api/v1/users_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ def create
create_user_params[:language] = current_user&.language || I18n.default_locale if create_user_params[:language].blank?

# renders an error if the user is signing up with an invalid domain based off site settings
return render_error errors: Rails.configuration.custom_error_msgs[:unauthorized], status: :forbidden unless valid_domain?
return render_error errors: Rails.configuration.custom_error_msgs[:banned_user], status: :forbidden unless valid_domain?

user = UserCreator.new(user_params: create_user_params.except(:invite_token), provider: current_provider, role: default_role).call

Expand Down
5 changes: 3 additions & 2 deletions app/controllers/external_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,10 @@ def create_user
return redirect_to root_path(error: Rails.configuration.custom_error_msgs[:invite_token_invalid])
end

return render_error status: :forbidden unless valid_domain?(user_info[:email])
# Redirect to root if the user doesn't exist and has an invalid domain
return redirect_to root_path(error: Rails.configuration.custom_error_msgs[:banned_user]) if new_user && !valid_domain?(user_info[:email])

# Create the user if they dont exist
# Create the user if they don't exist
if new_user
user = UserCreator.new(user_params: user_info, provider: current_provider, role: default_role).call
user.save!
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ export default function Registration() {
<input
className="form-control"
placeholder={t('admin.site_settings.registration.enter_allowed_domains_rule')}
defaultValue={siteSettings?.AllowedDomains}
/>
<Button
variant="brand"
Expand Down
3 changes: 3 additions & 0 deletions app/javascript/components/home/HomePage.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,9 @@ export default function HomePage() {
case 'SignupError':
toast.error(t('toast.error.users.signup_error'));
break;
case 'BannedUser':
toast.error(t('toast.error.users.banned'));
break;
default:
}
if (error) { setSearchParams(searchParams.delete('error')); }
Expand Down
2 changes: 2 additions & 0 deletions app/javascript/hooks/mutations/users/useCreateUser.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ export default function useCreateUser() {
toast.error(t('toast.error.users.invalid_invite'));
} else if (err.response.data.errors === 'EmailAlreadyExists') {
toast.error(t('toast.error.users.email_exists'));
} else if (err.response.data.errors === 'BannedUser') {
toast.error(t('toast.error.users.banned'));
} else {
toast.error(t('toast.error.problem_completing_action'));
}
Expand Down
9 changes: 9 additions & 0 deletions spec/controllers/external_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -371,6 +371,15 @@

expect { get :create_user, params: { provider: 'openid_connect' } }.not_to change(User, :count)
end

it 'does not affect existing users with different domains' do
request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]

create(:user, external_id: OmniAuth.config.mock_auth[:openid_connect][:uid])

get :create_user, params: { provider: 'openid_connect' }
expect(response).not_to redirect_to(root_path(error: Rails.configuration.custom_error_msgs[:banned_user]))
end
end

context 'restricted domain set to multiple domain' do
Expand Down

0 comments on commit 35e6238

Please sign in to comment.