QT/sure - sure

QT/sure

Fork 0

mirror of https://github.com/we-promise/sure.git synced 2026-05-25 05:24:57 +00:00

Commit Graph

Author	SHA1	Message	Date
plind	6402f1dd08	fix(sso): preserve user-edited name across OIDC logins (#1777 ) OidcIdentity#sync_user_attributes! runs on every SSO sign-in and overwrote user.first_name / user.last_name with whatever the IdP sent, because the precedence was `auth.info.* \|\| user.` — the IdP always won when it supplied a value. A user who edited their first name to "Adam" inside Sure had it reset to the IdP value "Ben" on the next login, while the last name only "stuck" when the IdP happened not to return a last_name (#1103). Swap the precedence to `user. \|\| auth.info.*` so the IdP fills only when Sure has nothing on file (first link or admin-blanked field). Edits inside Sure are then authoritative for every subsequent login. The audit copy on the OidcIdentity record itself is unchanged, so the IdP-reported name is still available for debugging. Closes #1103. Co-authored-by: plind-junior <plind-junior@users.noreply.github.com>	2026-05-12 21:55:22 +02:00
Copilot	1ee20ab3a6	Eliminate code duplication in OIDC identity creation (#230 ) * Eliminate duplication by using create_from_omniauth method - Updated OidcIdentity.create_from_omniauth to set last_authenticated_at - Refactored OidcAccountsController to use create_from_omniauth instead of direct create! calls - Updated test to verify last_authenticated_at is set by create_from_omniauth Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Extract auth hash building into private helper method - Added build_auth_hash helper method to eliminate OpenStruct creation duplication - Both create_link and create_user actions now use the same helper Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> * Linter fix * Fix button style on OIDC link step * Fix dark mode styles --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com> Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>	2025-10-25 22:23:28 +02:00
Juan José Mata	768e85ce08	Add OpenID Connect login support (#77 ) * Add OpenID Connect login support * Add docs for OIDC config with Google Auth * Use Google styles for log in - Add support for linking existing account - Force users to sign-in with passoword first, when linking existing accounts - Add support to create new user when using OIDC - Add identities to user to prevent account take-ver - Make tests mocking instead of being integration tests - Manage session handling correctly - use OmniAuth.config.mock_auth instead of passing auth data via request env * Conditionally render Oauth button - Set a config item `configuration.x.auth.oidc_enabled` - Hide button if disabled --------- Signed-off-by: Juan José Mata <juanjo.mata@gmail.com> Signed-off-by: soky srm <sokysrm@gmail.com> Co-authored-by: sokie <sokysrm@gmail.com>	2025-10-24 16:07:45 +02:00

Author

SHA1

Message

Date

plind

6402f1dd08

fix(sso): preserve user-edited name across OIDC logins (#1777 )

OidcIdentity#sync_user_attributes! runs on every SSO sign-in and
overwrote user.first_name / user.last_name with whatever the IdP sent,
because the precedence was `auth.info.* || user.*` — the IdP always
won when it supplied a value. A user who edited their first name to
"Adam" inside Sure had it reset to the IdP value "Ben" on the next
login, while the last name only "stuck" when the IdP happened not to
return a last_name (#1103).

Swap the precedence to `user.* || auth.info.*` so the IdP fills only
when Sure has nothing on file (first link or admin-blanked field).
Edits inside Sure are then authoritative for every subsequent login.
The audit copy on the OidcIdentity record itself is unchanged, so the
IdP-reported name is still available for debugging.

Closes #1103.

Co-authored-by: plind-junior <plind-junior@users.noreply.github.com>

2026-05-12 21:55:22 +02:00

Copilot

1ee20ab3a6

Eliminate code duplication in OIDC identity creation (#230 )

* Eliminate duplication by using create_from_omniauth method

- Updated OidcIdentity.create_from_omniauth to set last_authenticated_at
- Refactored OidcAccountsController to use create_from_omniauth instead of direct create! calls
- Updated test to verify last_authenticated_at is set by create_from_omniauth

Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>

* Extract auth hash building into private helper method

- Added build_auth_hash helper method to eliminate OpenStruct creation duplication
- Both create_link and create_user actions now use the same helper

Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>

* Linter fix

* Fix button style on OIDC link step

* Fix dark mode styles

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jjmata <187772+jjmata@users.noreply.github.com>
Co-authored-by: Juan José Mata <juanjo.mata@gmail.com>

2025-10-25 22:23:28 +02:00

Juan José Mata

768e85ce08

Add OpenID Connect login support (#77 )

* Add OpenID Connect login support
* Add docs for OIDC config with Google Auth
* Use Google styles for log in
- Add support for linking existing account
- Force users to sign-in with passoword first, when linking existing accounts
- Add support to create new user when using OIDC
- Add identities to user to prevent account take-ver
- Make tests mocking instead of being integration tests
- Manage session handling correctly
- use OmniAuth.config.mock_auth instead of passing auth data via request env
* Conditionally render Oauth button

- Set a config item `configuration.x.auth.oidc_enabled`
- Hide button if disabled

---------

Signed-off-by: Juan José Mata <juanjo.mata@gmail.com>
Signed-off-by: soky srm <sokysrm@gmail.com>
Co-authored-by: sokie <sokysrm@gmail.com>

2025-10-24 16:07:45 +02:00

3 Commits