QT/sure
1
0
Fork 0
mirror of https://github.com/we-promise/sure.git synced 2026-04-20 12:34:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix OIDC household invitation (issue #900) (#904)

Browse Source 
* Fix OIDC household invitation (issue #900)

- Auto-add existing user when inviting by email (no invite email sent)
- Accept page: choose 'Create account' or 'Sign in' (supports OIDC)
- Store invitation token in session on sign-in; accept after login (password,
  OIDC, OIDC link, OIDC JIT, MFA)
- Invitation#accept_for!(user): add user to household and mark accepted
- Defensive guards: nil/blank user, token normalization, accept_for! return check

* Address PR review: rename accept_for! to accept_for, i18n OIDC notice, test fixes, stub Rails.application.config

* Fix flaky system test: assert only configure step, not flash message

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: mkdev11 <jaysmth689+github@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
MkDev11
2026-02-06 07:14:42 -08:00
committed by GitHub
parent c77971ea0d
commit 87117445fe
12 changed files with 189 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/controllers/oidc_accounts_controller.rb
View File

@@ -47,13 +47,17 @@ class OidcAccountsController < ApplicationController
# Clear pending auth from session
session.delete(:pending_oidc_auth)
# Check if user has MFA enabled
if user.otp_required?
session[:mfa_user_id] = user.id
redirect_to verify_mfa_path
else
@session = create_session_for(user)
redirect_to root_path, notice: "Account successfully linked to #{@pending_auth['provider']}"
notice = if accept_pending_invitation_for(user)
t("invitations.accept_choice.joined_household")
else
t("sessions.openid_connect.account_linked", provider: @pending_auth["provider"])
end
redirect_to root_path, notice: notice
end
else
@email = params[:email]
@@ -139,9 +143,9 @@ class OidcAccountsController < ApplicationController
# Clear pending auth from session
session.delete(:pending_oidc_auth)
# Create session and log them in
@session = create_session_for(@user)
redirect_to root_path, notice: "Welcome! Your account has been created."
notice = accept_pending_invitation_for(@user) ? t("invitations.accept_choice.joined_household") : "Welcome! Your account has been created."
redirect_to root_path, notice: notice
else
render :new_user, status: :unprocessable_entity
end