oidc: Add auto_signup configuration option.

2025-11-04 22:13:26 +00:00 · 2021-07-16 11:44:11 +02:00
parent fb3ddf50d4
commit 50e9169680
3 changed files with 40 additions and 0 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -3102,6 +3102,38 @@ class GenericOpenIdConnectTest(SocialAuthBase):
            family_name=name.split(" ")[1],
        )

+    @override_settings(TERMS_OF_SERVICE=None)
+    def test_social_auth_registration_auto_signup(self) -> None:
+        """
+        The analogue of the auto_signup test for SAML.
+        """
+        email = "newuser@zulip.com"
+        name = "Full Name"
+        subdomain = "zulip"
+        realm = get_realm("zulip")
+        account_data_dict = self.get_account_data_dict(email=email, name=name)
+
+        oidc_setting_dict = copy.deepcopy(settings.SOCIAL_AUTH_OIDC_ENABLED_IDPS)
+        idp_settings_dict = list(oidc_setting_dict.values())[0]
+        idp_settings_dict["auto_signup"] = True
+        with mock.patch.object(GenericOpenIdConnectBackend, "settings_dict", new=idp_settings_dict):
+            result = self.social_auth_test(
+                account_data_dict,
+                expect_choose_email_screen=True,
+                subdomain=subdomain,
+                is_signup=False,
+            )
+            self.stage_two_of_registration(
+                result,
+                realm,
+                subdomain,
+                email,
+                name,
+                name,
+                self.BACKEND_CLASS.full_name_validated,
+                expect_confirm_registration_page=False,
+            )
+
    def test_social_auth_no_key(self) -> None:
        """
        Requires overriding because client key/secret are configured
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -2407,6 +2407,9 @@ class GenericOpenIdConnectBackend(SocialAuthMixin, OpenIdConnectAuth):
            )
        ]

+    def should_auto_signup(self) -> bool:
+        return self.settings_dict.get("auto_signup", False)
+

 def validate_otp_params(
    mobile_flow_otp: Optional[str] = None, desktop_flow_otp: Optional[str] = None
--- a/zproject/prod_settings_template.py
+++ b/zproject/prod_settings_template.py
@@ -366,6 +366,11 @@ SOCIAL_AUTH_OIDC_ENABLED_IDPS = {
        ## reads the secret with the specified name from zulip-secrets.conf.
        "client_id": "<your client id>",
        "secret": get_secret("social_auth_oidc_secret"),
+        ## Determines whether "Log in with OIDC" will automatically
+        ## register a new account if one does not already exist. By
+        ## default, Zulip asks the user whether they want to create an
+        ## account or try to log in again using another method.
+        # "auto_signup": False,
    }
 }