Merge pull request #2518 from okriuchykhin/ok_SCI_4544_v2

Fix Azure AD user creation on sign in [SCI-4544]

app/controllers/users/omniauth_callbacks_controller.rb

@@ -28,25 +28,40 @@ module Users
       email = auth.info.email
       email ||= auth.dig(:extra, :raw_info, :id_token_claims, :emails)&.first
       user = User.from_omniauth(auth)
-      if user
-        # User found in database so just sign in him
-        sign_in_and_redirect(user)
-      elsif email.present?
-        user = User.find_by(email: email)
 
-        if user.blank?
-          # Create new user and identity
-          User.create_from_omniauth!(auth)
-          sign_in_and_redirect(user)
-        elsif provider_conf[:auto_link_on_sign_in]
-          # Link to existing local account
+      # User found in database so just signing in
+      return sign_in_and_redirect(user) if user.present?
+
+      if email.blank?
+        # No email in the token so can not link or create user
+        error_message = I18n.t('devise.azure.errors.no_email')
+        return redirect_to after_omniauth_failure_path_for(resource_name)
+      end
+
+      user = User.find_by(email: email)
+
+      if user.blank?
+        # Create new user and identity
+        full_name = "#{auth.info.first_name} #{auth.info.last_name}"
+        user = User.new(full_name: full_name,
+                        initials: generate_initials(full_name),
+                        email: email,
+                        password: generate_user_password)
+        User.transaction do
+          user.save!
           user.user_identities.create!(provider: auth.provider, uid: auth.uid)
-          sign_in_and_redirect(user)
-        else
-          # Cannot do anything with it, so just return an error
-          error_message = I18n.t('devise.azure.errors.no_local_user_map')
-          redirect_to after_omniauth_failure_path_for(resource_name)
+          user.update!(confirmed_at: user.created_at)
         end
+
+        sign_in_and_redirect(user)
+      elsif provider_conf[:auto_link_on_sign_in]
+        # Link to existing local account
+        user.user_identities.create!(provider: auth.provider, uid: auth.uid)
+        sign_in_and_redirect(user)
+      else
+        # Cannot do anything with it, so just return an error
+        error_message = I18n.t('devise.azure.errors.no_local_user_map')
+        redirect_to after_omniauth_failure_path_for(resource_name)
       end
     rescue StandardError => e
       Rails.logger.error e.message

app/models/user.rb

@@ -354,20 +354,6 @@ class User < ApplicationRecord
       .take
   end
 
-  def self.create_from_omniauth!(auth)
-    full_name = "#{auth.info.first_name} #{auth.info.last_name}"
-    user = User.new(full_name: full_name,
-                    initials: generate_initials(full_name),
-                    email: email,
-                    password: generate_user_password)
-    User.transaction do
-      user.save!
-      user.user_identities.create!(provider: auth.provider, uid: auth.uid)
-      user.update!(confirmed_at: user.created_at)
-    end
-    user
-  end
-
   # Search all active users for username & email. Can
   # also specify which team to ignore.
   def self.search(

config/locales/en.yml

@@ -60,6 +60,7 @@ en:
       errors:
         generic: "Failed to sign in user"
         no_local_user_map: "No local user record found"
+        no_email: "Email is missing in auth token"
         failed_to_save: "Failed to create new user"
 
   doorkeeper:

lib/omniauth/strategies/custom_azure_active_directory.rb

@@ -25,7 +25,7 @@ module OmniAuth
           response_mode: response_mode,
           response_type: response_type,
           nonce: new_nonce,
-          scope: 'openid'
+          scope: 'openid profile email'
         }
         params[:p] = options[:sign_in_policy] if options[:sign_in_policy].present?