From 0cda791d44ea480a64c43bb1ad55a10f0766b01c Mon Sep 17 00:00:00 2001
From: Ultradesu <ultradesu@hexor.cy>
Date: Wed, 20 May 2026 14:43:24 +0300
Subject: [PATCH] Fixed OIDC small bug

---
 src/admin.rs | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/admin.rs b/src/admin.rs
index 1f60be2..90edb96 100644
--- a/src/admin.rs
+++ b/src/admin.rs
@@ -769,11 +769,15 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
 
     // Find or create user
     let login = preferred_username.clone();
-    let user = query!(User, $login == login).get(&db).await?;
+    let existing = query!(User, $login == login).get(&db).await?;
 
-    let user = match user {
-        Some(u) => u,
+    let user = match existing {
+        Some(u) => {
+            tracing::info!(target: "oidc", username = %u.login, "SSO login: existing user");
+            u
+        }
         None => {
+            tracing::info!(target: "oidc", username = %preferred_username, "SSO login: creating new user");
             let mut new_user = User {
                 id: Auto::auto(),
                 login: preferred_username.clone(),
@@ -786,19 +790,35 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
                 updated_at: now_utc(),
             };
             new_user.save(&db).await?;
-            new_user
+            // Re-query to get the DB-assigned id (Auto::auto() may not be
+            // populated in the struct after save)
+            let login2 = preferred_username.clone();
+            match query!(User, $login == login2).get(&db).await? {
+                Some(u) => {
+                    tracing::info!(target: "oidc", username = %u.login, id = ?u.id, "SSO login: new user created and fetched");
+                    u
+                }
+                None => {
+                    tracing::error!(target: "oidc", username = %preferred_username, "SSO login: user not found after creation");
+                    return Redirect::new(fail("sso")).into_response();
+                }
+            }
         }
     };
 
     if user.status != "active" {
+        tracing::warn!(target: "oidc", username = %user.login, status = %user.status, "SSO login: user disabled");
         return Redirect::new(fail("sso_disabled")).into_response();
     }
 
     let display = user
         .display_name
         .as_deref()
+        .filter(|s| !s.is_empty())
         .unwrap_or(&user.login)
         .to_string();
+
+    tracing::info!(target: "oidc", username = %user.login, display = %display, "SSO login: session established");
     session.insert(SESSION_USER_ID, user.id.unwrap()).await?;
     session.insert(SESSION_USER_NAME, display).await?;