FEATURE: sso_overrides_(email|username|name) for all auth methods

These settings previously applied only to discourse-sso. Now they work for all external authentication methods.
2025-05-30 04:18:27 +08:00 · 2020-06-18 11:01:02 +01:00
parent ec448a1516
commit 977766e7a8
14 changed files with 143 additions and 60 deletions
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
@ -206,7 +206,7 @@ RSpec.describe Users::OmniauthCallbacksController do
        expect(data["username"]).to eq("Some_Name")
        expect(data["auth_provider"]).to eq("google_oauth2")
        expect(data["email_valid"]).to eq(true)
-        expect(data["omit_username"]).to eq(false)
+        expect(data["can_edit_username"]).to eq(true)
        expect(data["name"]).to eq("Some Name")
        expect(data["destination_url"]).to eq(destination_url)
      end
@ -229,7 +229,8 @@ RSpec.describe Users::OmniauthCallbacksController do
          uid: '123545',
          info: OmniAuth::AuthHash::InfoHash.new(
            email: user.email,
-            name: 'Some name'
+            name: 'Some name',
+            nickname: 'Somenickname'
          ),
          extra: {
            raw_info: OmniAuth::AuthHash.new(
@ -347,6 +348,44 @@ RSpec.describe Users::OmniauthCallbacksController do
        expect(user.confirm_password?("securepassword")).to eq(false)
      end

+      it "should update name/username/email when sso_overrides is enabled" do
+        SiteSetting.email_editable = false
+        SiteSetting.sso_overrides_email = true
+        SiteSetting.sso_overrides_name = true
+        SiteSetting.sso_overrides_username = true
+
+        UserAssociatedAccount.create!(provider_name: "google_oauth2", user_id: user.id, provider_uid: '123545')
+
+        old_email = user.email
+        user.update!(name: 'somename', username: 'somusername', email: 'email@example.com')
+
+        get "/auth/google_oauth2/callback.json"
+        expect(response.status).to eq(302)
+
+        user.reload
+        expect(user.email).to eq(old_email)
+        expect(user.username).to eq('Somenickname')
+        expect(user.name).to eq('Some name')
+      end
+
+      it "will not update email if not verified" do
+        SiteSetting.email_editable = false
+        SiteSetting.sso_overrides_email = true
+
+        OmniAuth.config.mock_auth[:google_oauth2][:extra][:raw_info][:email_verified] = false
+
+        UserAssociatedAccount.create!(provider_name: "google_oauth2", user_id: user.id, provider_uid: '123545')
+
+        old_email = user.email
+        user.update!(email: 'email@example.com')
+
+        get "/auth/google_oauth2/callback.json"
+        expect(response.status).to eq(302)
+
+        user.reload
+        expect(user.email).to eq('email@example.com')
+      end
+
      context 'when user has TOTP enabled' do
        before do
          user.create_totp(enabled: true)