From 1ce38f7c7c631b24c757f3915d59d2ab7292759d Mon Sep 17 00:00:00 2001
From: Abhishek K <32607604+abhishek9686@users.noreply.github.com>
Date: Tue, 11 Jun 2024 18:07:32 +0530
Subject: [PATCH] NET-1349: add new user to pending user via RAC login (#2967)
* add new user to pending user via RAC login
* fix: add check for allowed domains
---------
Co-authored-by: the_aceix
---
 pro/auth/headless_callback.go | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/pro/auth/headless_callback.go b/pro/auth/headless_callback.go
index 838f9713..7fb04aa6 100644
--- a/pro/auth/headless_callback.go
+++ b/pro/auth/headless_callback.go
@@ -6,6 +6,7 @@ import (
 "net/http"
 "github.com/gravitl/netmaker/auth"
+ "github.com/gravitl/netmaker/database"
 "github.com/gravitl/netmaker/logger"
 "github.com/gravitl/netmaker/logic"
 "github.com/gravitl/netmaker/logic/pro/netcache"
@@ -51,6 +52,10 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 return
 }
+ if !isEmailAllowed(userClaims.Email) {
+ handleOauthUserNotAllowedToSignUp(w)
+ return
+ }
 // check if user approval is already pending
 if logic.IsPendingUser(userClaims.getUserName()) {
 handleOauthUserSignUpApprovalPending(w)
@@ -58,10 +63,20 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 }
 user, err := logic.GetUser(userClaims.getUserName())
 if err != nil {
- response := returnErrTemplate("", "user not found", state, reqKeyIf)
- w.WriteHeader(http.StatusForbidden)
- w.Write(response)
- return
+ if database.IsEmptyRecord(err) { // user must not exist, so try to make one
+ err = logic.InsertPendingUser(&models.User{
+ UserName: userClaims.getUserName(),
+ })
+ if err != nil {
+ handleSomethingWentWrong(w)
+ return
+ }
+ handleFirstTimeOauthUserSignUp(w)
+ return
+ } else {
+ handleSomethingWentWrong(w)
+ return
+ }
 }
 newPass, fetchErr := auth.FetchPassValue("")
 if fetchErr != nil {
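Review bot: The allow-list check added in the second hunk tests `userClaims.Email`, while the pending-user lookup directly below it and the insert in the third hunk key the account on `userClaims.getUserName()`. If those two values can differ for some provider (getUserName is defined outside this diff, so this needs confirming), the domain restriction is not bound to the identity that is actually stored. The behaviour for an empty or unverified email claim is also not visible here; once confirmed, a comment such as `// Email is the IdP-verified address; isEmailAllowed rejects an empty claim` above the check would record the expectation. HandleHeadlessSSOCallback starts and ends outside the hunk.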
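Review bot: Both failure paths in the third hunk discard `err` before calling `handleSomethingWentWrong(w)`, so a database fault in `logic.GetUser` or `logic.InsertPendingUser` leaves no trace, and the creation of a pending account from an SSO login is not recorded either. The file already imports `logger`; logging the error and the new pending user name at those points would give operators an audit trail for sign-ups arriving through this callback. The `else` after a branch that always returns can be dropped by testing `if !database.IsEmptyRecord(err) { handleSomethingWentWrong(w); return }` first and letting the insert follow unindented. Separately, the `IsPendingUser` check and the insert are not atomic, so two concurrent callbacks for the same new user may both reach `InsertPendingUser`; whether that is harmless depends on its implementation, which is not shown.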