refactor: improve SSO provider management and logging

- Simplified `name_id_format` selection logic in SSO provider form.
- Switched raw database query to sanitized SQL in client secret tests.
- Added condition to log JIT account creation only when identity persists.
- Sanitized failure reasons in SSO login failure handling.
- Added SSO provider connection test policy tests for super admin and regular users.
Josh Waldrep
2026-01-03 21:13:24 -05:00
parent d3055b2e0b
commit b2ecc6bc67
5 changed files with 28 additions and 13 deletions


@@ -118,17 +118,19 @@ class OidcAccountsController < ApplicationController
if @user.save
# Create the OIDC (or other SSO) identity
OidcIdentity.create_from_omniauth(
identity = OidcIdentity.create_from_omniauth(
build_auth_hash(@pending_auth),
@user
)
# Log JIT account creation
SsoAuditLog.log_jit_account_created!(
user: @user,
provider: @pending_auth["provider"],
request: request
)
# Only log JIT account creation if identity was successfully created
if identity.persisted?
SsoAuditLog.log_jit_account_created!(
user: @user,
provider: @pending_auth["provider"],
request: request
)
end
# Clear pending auth from session
session.delete(:pending_oidc_auth)
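Review bot: the `if identity.persisted?` guard has no else branch, so when `OidcIdentity.create_from_omniauth` returns an unsaved record the user created by `@user.save` is left without a linked identity and the failure is neither audited nor surfaced; the flow simply continues to `session.delete(:pending_oidc_auth)`. Suggest handling the negative case explicitly (record a failure audit entry or raise so the account creation can be rolled back, depending on the intended behaviour), and updating the comment to say that the JIT log is skipped only when identity creation failed rather than leaving that path silent.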