diff --git a/zproject/backends.py b/zproject/backends.py
index 55d21b9edd..001e1663e0 100644
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -2277,6 +2277,8 @@ class GenericOpenIdConnectBackend(SocialAuthMixin, OpenIdConnectAuth):
 display_icon = settings_dict.get("display_icon")
 display_name = settings_dict.get("display_name", "OIDC")
+ full_name_validated = getattr(settings, "SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED", False)
+
 # Discovery endpoint for the superclass to read all the appropriate
 # configuration from.
 OIDC_ENDPOINT = settings_dict.get("oidc_url")
diff --git a/zproject/default_settings.py b/zproject/default_settings.py
index 6b55d76ceb..80975db7b0 100644
--- a/zproject/default_settings.py
+++ b/zproject/default_settings.py
@@ -99,6 +99,7 @@ SOCIAL_AUTH_APPLE_EMAIL_AS_USERNAME = True
 # Generic OpenID Connect:
 SOCIAL_AUTH_OIDC_ENABLED_IDPS: Dict[str, Dict[str, Optional[str]]] = {}
+SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED = False
 # Other auth
 SSO_APPEND_DOMAIN: Optional[str] = None
diff --git a/zproject/prod_settings_template.py b/zproject/prod_settings_template.py
index 853ca4089b..e9e527119e 100644
--- a/zproject/prod_settings_template.py
+++ b/zproject/prod_settings_template.py
@@ -369,6 +369,14 @@ SOCIAL_AUTH_OIDC_ENABLED_IDPS = {
 }
 }
+## Controls how Zulip uses the Full Name provided by the IdP at the
+## userinfo endpoint. By default, Zulip prefills that value but lets
+## the user modify it in the registration form. When enabled, Zulip
+## assumes the name is correct, and new users will not be presented
+## with a registration form unless they need to accept Terms of
+## Service (i.e. TERMS_OF_SERVICE=True).
+# SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED = True
+
 ########
 ## SAML authentication
 ##
diff --git a/zproject/test_extra_settings.py b/zproject/test_extra_settings.py
index a793ce18c0..b3559a3405 100644
--- a/zproject/test_extra_settings.py
+++ b/zproject/test_extra_settings.py
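Review bot: In `zproject/backends.py`, the `getattr(settings, "SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED", False)` fallback repeats the default this same commit adds to `default_settings.py`, so the two defaults for a trust decision can drift apart. Reading it as `full_name_validated = settings.SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED` keeps one source of truth and keeps the attribute typed. Unlike the neighbouring `display_icon` and `display_name`, the value is not taken from the per-IdP `settings_dict`, so it appears to apply to any configured OIDC IdP. A comment such as `# When True, the IdP-supplied full name is trusted as-is and the registration form is skipped.` would make that explicit. The class body starts and continues outside this hunk.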
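Review bot: The new comment block in `zproject/prod_settings_template.py` does not say what an administrator is trusting by uncommenting `SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED = True`. As described, the name returned by the userinfo endpoint becomes the account's name with no confirmation step by the user. I would add a line such as `## Only enable this if your IdP is the authoritative source for names and users cannot freely edit their name there.` The setting sits outside `SOCIAL_AUTH_OIDC_ENABLED_IDPS`, so it presumably is not scoped per IdP, which is worth stating in the same block.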
@@ -202,6 +202,7 @@ SOCIAL_AUTH_OIDC_ENABLED_IDPS = {
 "secret": "secret",
 }
 }
+SOCIAL_AUTH_OIDC_FULL_NAME_VALIDATED = True
 VIDEO_ZOOM_CLIENT_ID = "client_id"