feat: onlyCreateInvited option is not applied on coreIdProviders

data-fair · Dec 13, 2024 · 77dbe24 · 77dbe24
1 parent 9c6cbf9
commit 77dbe24
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/api/src/auth/router.ts b/api/src/auth/router.ts
@@ -690,9 +690,12 @@ const oauthCallback: RequestHandler = async (req, res, next) => {
   let user = await storage.getUserByEmail(userInfo.user.email, site)
   logContext.user = user
 
-  if (!user && !invit && config.onlyCreateInvited) {
+  if (!user && !invit && config.onlyCreateInvited && !provider.coreIdProvider) {
     return returnError('onlyCreateInvited', 400)
   }
+  if (!user && storage.readonly) {
+    return returnError('userUnknown', 403)
+  }
 
   // Re-create a user that was never validated.. first clean temporary user
   if (user && user.emailConfirmed === false) {
@@ -710,10 +713,6 @@ const oauthCallback: RequestHandler = async (req, res, next) => {
   if (invit && memberInfo.create) throw new Error('Cannot create a member from a identity provider and accept an invitation at the same time')
 
   if (!user) {
-    if ((!invit && config.onlyCreateInvited) || storage.readonly) {
-      return returnError('userUnknown', 403)
-    }
-
     const newUser: UserWritable = {
       ...userInfo.user,
       id: nanoid(),
@@ -911,7 +910,7 @@ router.post('/saml2-assert', async (req, res) => {
   // check for user with same email
   let user = await storage.getUserByEmail(email, site)
 
-  if (!user && !invit && config.onlyCreateInvited) {
+  if (!user && !invit && config.onlyCreateInvited && !provider.coreIdProvider) {
     return returnError('onlyCreateInvited', 400)
   }