feat: allow external SSO methods to log into teams as long as emails match (#3813)

* wip * wip * fix comments * better separation of conerns * fix up tests * fix semantics * fixup tsc * fix some tests * the old semantics were easier to use * add db:reset to scripts * explicitly throw for unauthorized external authorization * fix minor bug * add additional tests for user creator and team creator * yank the email matching logic out of teamcreator * renaming * fix type and test errors * adds test to ensure that accountProvisioner works with email matching * remove only * fix comments * recreate changes to allow self hosted to make teams
2022-07-24 07:55:30 -04:00
parent 24170e8684
commit 870d9ed41e
11 changed files with 322 additions and 165 deletions
--- a/server/commands/accountProvisioner.test.ts
+++ b/server/commands/accountProvisioner.test.ts
@@ -108,6 +108,44 @@ describe("accountProvisioner", () => {
    spy.mockRestore();
  });

+  it("should allow authentication by email matching", async () => {
+    const existingTeam = await buildTeam();
+    const providers = await existingTeam.$get("authenticationProviders");
+    const authenticationProvider = providers[0];
+    const userWithoutAuth = await buildUser({
+      email: "email@example.com",
+      teamId: existingTeam.id,
+      authentications: [],
+    });
+
+    const { user, isNewUser, isNewTeam } = await accountProvisioner({
+      ip,
+      user: {
+        name: userWithoutAuth.name,
+        email: "email@example.com",
+        avatarUrl: userWithoutAuth.avatarUrl,
+      },
+      team: {
+        name: existingTeam.name,
+        avatarUrl: existingTeam.avatarUrl,
+        subdomain: "example",
+      },
+      authenticationProvider: {
+        name: authenticationProvider.name,
+        providerId: authenticationProvider.providerId,
+      },
+      authentication: {
+        providerId: "anything",
+        accessToken: "123",
+        scopes: ["read"],
+      },
+    });
+    expect(user.id).toEqual(userWithoutAuth.id);
+    expect(isNewTeam).toEqual(false);
+    expect(isNewUser).toEqual(false);
+    expect(user.authentications.length).toEqual(0);
+  });
+
  it("should throw an error when authentication provider is disabled", async () => {
    const existingTeam = await buildTeam();
    const providers = await existingTeam.$get("authenticationProviders");