Fix missing SSO JIT account creation template (#679)

* Add UI and functionality for new user registration via OIDC integration * Add tests and localization for new user registration via OIDC --------- Co-authored-by: luckyPipewrench <luckypipewrench@proton.me>
2026-04-19 20:14:08 +00:00 · 2026-01-16 15:00:24 -05:00
parent c391ba2b23
commit 1ca84d8048
4 changed files with 92 additions and 2 deletions
--- a/app/controllers/oidc_accounts_controller.rb
+++ b/app/controllers/oidc_accounts_controller.rb
@@ -102,10 +102,12 @@ class OidcAccountsController < ApplicationController
    # Security: JIT users should NOT have password_digest set to prevent
    # chained authentication attacks where SSO users gain local login access
    # via password reset.
+    # Allow user to edit first_name and last_name from the form, but email comes from OIDC
+    user_params = params.fetch(:user, {}).permit(:first_name, :last_name)
    @user = User.new(
      email: email,
-      first_name: @pending_auth["first_name"],
-      last_name: @pending_auth["last_name"],
+      first_name: user_params[:first_name].presence || @pending_auth["first_name"],
+      last_name: user_params[:last_name].presence || @pending_auth["last_name"],
      skip_password_validation: true
    )

--- a/app/views/oidc_accounts/new_user.html.erb
+++ b/app/views/oidc_accounts/new_user.html.erb
@@ -0,0 +1,37 @@
+<%
+  header_title t("oidc_accounts.new_user.title")
+%>
+
+<div class="mb-6 p-4 bg-blue-50 border border-blue-200 rounded-md">
+  <h3 class="text-sm font-medium text-blue-800 mb-2"><%= t("oidc_accounts.new_user.heading") %></h3>
+  <p class="text-sm text-blue-700">
+    <%= t("oidc_accounts.new_user.description", provider: @pending_auth["provider"]) %>
+  </p>
+</div>
+
+<%= styled_form_with model: @user, url: create_user_oidc_account_path, class: "space-y-4", data: { turbo: false } do |form| %>
+  <div class="p-4 bg-container border border-secondary rounded-md">
+    <p class="text-sm text-secondary mb-1"><%= t("oidc_accounts.new_user.email_label") %></p>
+    <p class="text-sm text-primary font-medium"><%= @pending_auth["email"] %></p>
+  </div>
+
+  <%= form.text_field :first_name,
+    label: t("oidc_accounts.new_user.first_name_label"),
+    placeholder: t("oidc_accounts.new_user.first_name_placeholder"),
+    autofocus: true %>
+
+  <%= form.text_field :last_name,
+    label: t("oidc_accounts.new_user.last_name_label"),
+    placeholder: t("oidc_accounts.new_user.last_name_placeholder") %>
+
+  <%= form.submit t("oidc_accounts.new_user.submit") %>
+<% end %>
+
+<div class="mt-6 text-center">
+  <%= render DS::Link.new(
+    text: t("oidc_accounts.new_user.cancel"),
+    href: new_session_path,
+    variant: :default,
+    class: "font-medium text-sm text-primary hover:underline transition"
+  ) %>
+</div>