NET-1349: add new user to pending user via RAC login (#2967)

* add new user to pending user via RAC login * fix: add check for allowed domains --------- Co-authored-by: the_aceix <aceixsmartx@gmail.com>
2025-09-06 21:24:16 +08:00 · 2024-06-11 18:07:32 +05:30 · 2024-06-11 18:07:32 +05:30 · 1ce38f7c7c
commit 1ce38f7c7c
parent 50d8da2dc2
1 changed files with 19 additions and 4 deletions
--- a/pro/auth/headless_callback.go
+++ b/pro/auth/headless_callback.go
@ -6,6 +6,7 @@ import (
 	"net/http"

 	"github.com/gravitl/netmaker/auth"
+	"github.com/gravitl/netmaker/database"
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/logic"
 	"github.com/gravitl/netmaker/logic/pro/netcache"
@ -51,6 +52,10 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	if !isEmailAllowed(userClaims.Email) {
+		handleOauthUserNotAllowedToSignUp(w)
+		return
+	}
 	// check if user approval is already pending
 	if logic.IsPendingUser(userClaims.getUserName()) {
 		handleOauthUserSignUpApprovalPending(w)
@ -58,11 +63,21 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 	}
 	user, err := logic.GetUser(userClaims.getUserName())
 	if err != nil {
-		response := returnErrTemplate("", "user not found", state, reqKeyIf)
-		w.WriteHeader(http.StatusForbidden)
-		w.Write(response)
+		if database.IsEmptyRecord(err) { // user must not exist, so try to make one
+			err = logic.InsertPendingUser(&models.User{
+				UserName: userClaims.getUserName(),
+			})
+			if err != nil {
+				handleSomethingWentWrong(w)
 				return
 			}
+			handleFirstTimeOauthUserSignUp(w)
+			return
+		} else {
+			handleSomethingWentWrong(w)
+			return
+		}
+	}
 	newPass, fetchErr := auth.FetchPassValue("")
 	if fetchErr != nil {
 		return