Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api/oauth: also activate user after successful oauth authentication #4779

Merged
merged 1 commit into from
Mar 25, 2024
Merged

api/oauth: also activate user after successful oauth authentication #4779

merged 1 commit into from
Mar 25, 2024

Conversation

BacLuc
Copy link
Contributor

@BacLuc BacLuc commented Mar 16, 2024
edited
Loading

Issue: #4670

Previously this only happened if the user was created after the oauth authentication.
Now this also happens if an existing not activated user authenticates with oauth, because we trust the email provided via oauth.

usu
usu reviewed Mar 17, 2024
View reviewed changes
Copy link
Member

@usu usu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we miss to cover the case, if the user has created a email/password login and then authenticates with oAuth. Shouldn't that activate the user as well?

@BacLuc
Copy link
Contributor Author

BacLuc commented Mar 17, 2024
edited
Loading

I think we miss to cover the case, if the user has created a email/password login and then authenticates with oAuth. Shouldn't that activate the user as well?

That's exactly what this PR should do. I updated the PR description to make it hopefully clearer.

@pmattmann
Copy link
Member

I think we miss to cover the case, if the user has created a email/password login and then authenticates with oAuth. Shouldn't that activate the user as well?

That's exactly what this PR should do. I updated the PR description to make it hopefully clearer.

I think the question comes from here: https://github.com/BacLuc/ecamp3/blob/80ae096544e8156607a4588cd36d275c7d7c492a/api/src/Security/OAuth/GoogleAuthenticator.php#L72-L80

Is this if (is_null($profile)) { always true?
If not, in the else case the status is not updated.

@BacLuc
Copy link
Contributor Author

BacLuc commented Mar 17, 2024

I think we miss to cover the case, if the user has created a email/password login and then authenticates with oAuth. Shouldn't that activate the user as well?

That's exactly what this PR should do. I updated the PR description to make it hopefully clearer.

I think the question comes from here: https://github.com/BacLuc/ecamp3/blob/80ae096544e8156607a4588cd36d275c7d7c492a/api/src/Security/OAuth/GoogleAuthenticator.php#L72-L80

Is this if (is_null($profile)) { always true? If not, in the else case the status is not updated.

oh, it was a little late yesterday.
This also explains a bug i encountered. I will fix that.

@BacLuc BacLuc force-pushed the also-activate-user-after-oauth-login branch from 80ae096 to 809b447 Compare March 23, 2024 17:02
@BacLuc
Copy link
Contributor Author

BacLuc commented Mar 23, 2024

I think we miss to cover the case, if the user has created a email/password login and then authenticates with oAuth. Shouldn't that activate the user as well?

That's exactly what this PR should do. I updated the PR description to make it hopefully clearer.

I think the question comes from here: https://github.com/BacLuc/ecamp3/blob/80ae096544e8156607a4588cd36d275c7d7c492a/api/src/Security/OAuth/GoogleAuthenticator.php#L72-L80

Is this if (is_null($profile)) { always true? If not, in the else case the status is not updated.

I fixed it

usu
usu requested changes Mar 24, 2024
View reviewed changes
api/src/Security/OAuth/GoogleAuthenticator.php
@@ -67,6 +67,9 @@ public function authenticate(Request $request): Passport {
$profile->surname = $googleUser->getLastName();
$user = new User();
$user->profile = $profile;
}

if (in_array($user->state, [null, User::STATE_NONREGISTERED, User::STATE_REGISTERED])) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very clean now. But you have an early return above, so if $existingProfile is true, you will never get here.

I think the best is if you extract the logic above into a separate function (e.g. findOrCreateUser) and then you could keep the cleanliness of this last state-check.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An existing Profile has to have run through the If below in a previous request, else it cannot be an existing Profile.
As long as we don't reset the state, this should be good enough

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, get it. Thanks for clarifying.

@pmattmann pmattmann added this pull request to the merge queue Mar 25, 2024
Merged via the queue into ecamp:devel with commit afa6571 Mar 25, 2024
32 checks passed
@BacLuc BacLuc deleted the also-activate-user-after-oauth-login branch March 25, 2024 21:24
@carlobeltrame carlobeltrame added the Meeting Discuss Am nächsten Core-Meeting besprechen label Mar 26, 2024
@manuelmeister manuelmeister removed the Meeting Discuss Am nächsten Core-Meeting besprechen label Mar 26, 2024
@manuelmeister manuelmeister mentioned this pull request Mar 26, 2024
Merged
@simfeld simfeld mentioned this pull request Mar 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@usu usu usu approved these changes

@pmattmann pmattmann pmattmann approved these changes

@carlobeltrame carlobeltrame carlobeltrame approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@BacLuc @pmattmann @usu @carlobeltrame @manuelmeister