From 4a8ce7b6fa0086d230809d0917c6272ffc562d8c Mon Sep 17 00:00:00 2001
From: Aceix
Date: Tue, 30 Apr 2024 04:27:48 +0000
Subject: [PATCH] fix(NET-1155): sso login changes (#2905)
* fix(NET-1155): prompt for user account on each sso login
* fix(NET-1152): correct pending user response from rac
---
 auth/azure-ad.go | 2 +-
 auth/github.go | 2 +-
 auth/google.go | 2 +-
 auth/headless_callback.go | 2 +-
 auth/oidc.go | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/auth/azure-ad.go b/auth/azure-ad.go
index ed37e0c4..671af763 100644
--- a/auth/azure-ad.go
+++ b/auth/azure-ad.go
@@ -121,7 +121,7 @@ func getAzureUserInfo(state string, code string) (*OAuthUser, error) {
 if (!isValid || state != oauth_state_string) && !isStateCached(state) {
 return nil, fmt.Errorf("invalid oauth state")
 }
- var token, err = auth_provider.Exchange(context.Background(), code)
+ var token, err = auth_provider.Exchange(context.Background(), code, oauth2.SetAuthURLParam("prompt", "login"))
 if err != nil {
 return nil, fmt.Errorf("code exchange failed: %s", err.Error())
 }
diff --git a/auth/github.go b/auth/github.go
index 44fd017a..4d94f6c7 100644
--- a/auth/github.go
+++ b/auth/github.go
@@ -121,7 +121,7 @@ func getGithubUserInfo(state string, code string) (*OAuthUser, error) {
 if (!isValid || state != oauth_state_string) && !isStateCached(state) {
 return nil, fmt.Errorf("invalid oauth state")
 }
- var token, err = auth_provider.Exchange(context.Background(), code)
+ var token, err = auth_provider.Exchange(context.Background(), code, oauth2.SetAuthURLParam("prompt", "login"))
 if err != nil {
 return nil, fmt.Errorf("code exchange failed: %s", err.Error())
 }
diff --git a/auth/google.go b/auth/google.go
index 31c8dafa..8d2f0ded 100644
--- a/auth/google.go
+++ b/auth/google.go
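Review bot: In getAzureUserInfo (auth/azure-ad.go), `oauth2.SetAuthURLParam("prompt", "login")` is passed to `auth_provider.Exchange`, which adds it to the back-channel token request rather than to the browser redirect, so it cannot make the identity provider show a login prompt. `prompt` is an authorization-request parameter and belongs where the redirect URL is built, e.g. `auth_provider.AuthCodeURL(<state>, oauth2.SetAuthURLParam("prompt", "login"))`; that call is not part of this patch. As written, an existing identity-provider session in the browser is presumably still reused without a prompt, and a strict token endpoint could reject the unexpected form field. The same applies to the Exchange calls in getGithubUserInfo, getGoogleUserInfo and getOIDCUserInfo; all four function bodies continue outside their hunks. If the goal is an account chooser rather than re-authentication, the OIDC value is `select_account`, and support for `prompt` values differs between providers, so each one is worth checking.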
@@ -124,7 +124,7 @@ func getGoogleUserInfo(state string, code string) (*OAuthUser, error) {
 if (!isValid || state != oauth_state_string) && !isStateCached(state) {
 return nil, fmt.Errorf("invalid oauth state")
 }
- var token, err = auth_provider.Exchange(context.Background(), code)
+ var token, err = auth_provider.Exchange(context.Background(), code, oauth2.SetAuthURLParam("prompt", "login"))
 if err != nil {
 return nil, fmt.Errorf("code exchange failed: %s", err.Error())
 }
diff --git a/auth/headless_callback.go b/auth/headless_callback.go
index d76704b7..5ca44438 100644
--- a/auth/headless_callback.go
+++ b/auth/headless_callback.go
@@ -52,7 +52,7 @@ func HandleHeadlessSSOCallback(w http.ResponseWriter, r *http.Request) {
 // check if user approval is already pending
 if logic.IsPendingUser(userClaims.getUserName()) {
- handleOauthUserNotAllowed(w)
+ handleOauthUserSignUpApprovalPending(w)
 return
 }
 user, err := logic.GetUser(userClaims.getUserName())
diff --git a/auth/oidc.go b/auth/oidc.go
index 87b7e70f..6fed9bf2 100644
--- a/auth/oidc.go
+++ b/auth/oidc.go
@@ -146,7 +146,7 @@ func getOIDCUserInfo(state string, code string) (u *OAuthUser, e error) {
 ctx, cancel := context.WithTimeout(context.Background(), OIDC_TIMEOUT)
 defer cancel()
- oauth2Token, err := auth_provider.Exchange(ctx, code)
+ oauth2Token, err := auth_provider.Exchange(ctx, code, oauth2.SetAuthURLParam("prompt", "login"))
 if err != nil {
 return nil, fmt.Errorf("failed to exchange oauth2 token using code \"%s\"", code)
 }
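Review bot: In getOIDCUserInfo (auth/oidc.go), the error returned when `Exchange` fails embeds the authorization code and discards `err`, so the code can end up wherever this error is logged or returned while the actual cause is lost. That line is unchanged context directly below the modified call, so this commit does not address it. I would change it to `return nil, fmt.Errorf("failed to exchange oauth2 token: %w", err)`. The function continues outside the hunk, so where the error is surfaced is not visible here.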