TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-07 05:42:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: automatically link user without prompt (#8487)

Browse Source 
# Which Problems Are Solved

There were UX issue with the autolinking prompt page and users were not
able to link their account or would not understand what to do. Since the
trust to the IdP is already bound by the configuration, the user can
directly be linked without any user input.

# How the Problems Are Solved

- remove the prompt page and directly link the user if possible
- remove corresponding customization texts from the API and Console

# Additional Changes

None

# Additional Context

- relates to https://github.com/zitadel/zitadel/issues/7977
- discussed with customers
- created as a `fix` to be able to backport

---------

Co-authored-by: Max Peintner <max@caos.ch>
This commit is contained in:
Livio Spring
2024-08-28 07:33:20 +02:00
committed by GitHub
parent bc2c2feefd
commit ca8f82423a
35 changed files with 21 additions and 491 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
internal/api/ui/login/external_provider_handler.go
View File

@@ -455,9 +455,9 @@ func (l *Login) handleExternalUserAuthenticated(
// checkAutoLinking checks if a user with the provided information (username or email) already exists within ZITADEL.
// The decision, which information will be checked is based on the IdP template option.
// The function returns a boolean whether a user was found or not.
// If single a user was found, it will be automatically linked.
func (l *Login) checkAutoLinking(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, provider *query.IDPTemplate, externalUser *domain.ExternalUser) bool {
queries := make([]query.SearchQuery, 0, 2)
var user *query.NotifyUser
switch provider.AutoLinking {
case domain.AutoLinkingOptionUnspecified:
// is auto linking is disable, we shouldn't even get here, but in case we do we can directly return
@@ -472,7 +472,7 @@ func (l *Login) checkAutoLinking(w http.ResponseWriter, r *http.Request, authReq
if err != nil {
return false
}
l.renderLinkingUserPrompt(w, r, authReq, user, nil)
l.autoLinkUser(w, r, authReq, user)
return true
}
// If a specific org has been requested, we'll check the provided username against usernames (of that org).
@@ -501,10 +501,22 @@ func (l *Login) checkAutoLinking(w http.ResponseWriter, r *http.Request, authReq
if err != nil {
return false
}
l.renderLinkingUserPrompt(w, r, authReq, user, nil)
l.autoLinkUser(w, r, authReq, user)
return true
}
func (l *Login) autoLinkUser(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, user *query.NotifyUser) {
if err := l.authRepo.SelectUser(r.Context(), authReq.ID, user.ID, authReq.AgentID); err != nil {
l.renderError(w, r, authReq, err)
return
}
if err := l.authRepo.LinkExternalUsers(r.Context(), authReq.ID, authReq.AgentID, domain.BrowserInfoFromRequest(r)); err != nil {
l.renderError(w, r, authReq, err)
return
}
l.renderNextStep(w, r, authReq)
}
// externalUserNotExisting is called if an externalAuthentication couldn't find a corresponding externalID
// possible solutions are:
//