Epic: Single Sign On #4751
Merged
Changes from 25 commits
40 commits
8a494b6 feat: support github sso (doc-han)
5c4de29 feat: sso register (doc-han)
6c61868 feat: support linking & unlinking for identities (doc-han)
671b321 feat: add new provider (doc-han)
d9fa75f feat: disable auto-link of accounts (doc-han)
448d93c feat: prompt user before creating new sso account (doc-han)
a1cbc2a feat: route so registration through account-hook (doc-han)
aaf20a9 tests: update tests (doc-han)
d83242a chore: resolve dialyzer (doc-han)
6883427 Merge branch 'main' into 4621-full-sso-experience (doc-han)
fc630ad feat: pick user email from dedicated endpoint (Github) (doc-han)
4e579f9 chore: update deployment.md (doc-han)
3c04662 feat: rollback (doc-han)
1985ee1 feat: only allow verified emails (doc-han)
f4bcd1a feat: enforce at most one identity match (doc-han)
a57c320 chore: break long lines (doc-han)
e85908b refactor: reuse methods (doc-han)
213850d chore: update changelog (doc-han)
99f5e86 refactor: remove unused modules (#4825) (doc-han)
3667a84 feat: resolve csrf issue (doc-han)
87aa4a2 feat: prevent multiple identities per provider (doc-han)
2d43a16 fix: correct vertical alignment of SSO provider buttons (lmac-1)
ba4c921 fix: use correct capitalisation for SSO provider display names (lmac-1)
3cdca67 test: update Github assertion to GitHub (lmac-1)
8a00180 refactor: remove redundant Google clause from display_name/1 (lmac-1)
4766975 feat: add sso_ prefix to envs & remove salesforce docs (doc-han)
b9cb25c feat: implement unlink locking (doc-han)
5577b32 feat: sso users should set password from profile screen (doc-han)
2929b39 feat: email change allowed when password is set (doc-han)
8de9755 feat: webhook auth view methods (doc-han)
3a8c6e7 fix: don't require provider email when linking SSO identity (midigofrank)
179b51c fix: handle userinfo fetch failures without raising (midigofrank)
09b0f17 fix: derive SSO email_verified from the provider emails endpoint (midigofrank)
caa8fc7 fix: report unlink delete failures distinctly from not-linked (midigofrank)
ec7867a refactor: use Repo.exists? for the unlink lock-out check (midigofrank)
c5f9be4 feat: show legacy auth button (doc-han)
4de683d Merge branch 'main' into 4621-full-sso-experience (doc-han)
b980672 fix: email validation (doc-han)
4c9b0aa feat: link/unlink new sso providers only (doc-han)
188ca26 Merge branch 'main' into 4621-full-sso-experience (doc-han)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| defmodule Lightning.Accounts.UserIdentity do | ||
| @moduledoc """ | ||
| Schema for tracking SSO provider identities linked to user accounts. | ||
|
|
||
| A user has at most one identity per provider, and the combination of provider | ||
| and uid is globally unique (an identity can't be claimed by two users). | ||
| """ | ||
| use Lightning.Schema | ||
|
|
||
| alias Lightning.Accounts.User | ||
|
|
||
| schema "user_identities" do | ||
| field :provider, :string | ||
| field :uid, :string | ||
| belongs_to :user, User | ||
| timestamps() | ||
| end | ||
|
|
||
| def changeset(identity, attrs) do | ||
| identity | ||
| |> cast(attrs, [:provider, :uid, :user_id]) | ||
| |> validate_required([:provider, :uid, :user_id]) | ||
| |> unique_constraint([:provider, :uid]) | ||
| |> unique_constraint([:user_id, :provider], | ||
| message: "is already linked to a different account for this provider" | ||
| ) | ||
| end | ||
| end |
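Review bot: the custom message in changeset/2 looks attached to the wrong constraint. "is already linked to a different account for this provider" describes a (provider, uid) pair that another user has already claimed, but it is set on unique_constraint([:user_id, :provider]), which fires when this same user already has an identity for the provider. Meanwhile unique_constraint([:provider, :uid]), the check that stops an external identity from being bound to a second account, falls back to the generic default message. Consider moving the message to the [:provider, :uid] constraint and giving [:user_id, :provider] its own wording, so callers and logs can tell a possible takeover-style collision apart from a duplicate link. Two smaller points: cast/3 accepts :user_id from attrs, so every caller must set it from the authenticated session and never from request parameters (or the changeset could take the user as an argument instead); and both unique_constraint calls only translate database errors, so they depend on unique indexes with matching names that this hunk does not show.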