Fixed OIDC small bug

2026-05-20 14:43:24 +03:00
parent a65488c304
commit 0cda791d44
1 changed files with 24 additions and 4 deletions
@@ -769,11 +769,15 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:

    // Find or create user
    let login = preferred_username.clone();
-    let user = query!(User, $login == login).get(&db).await?;
+    let existing = query!(User, $login == login).get(&db).await?;

-    let user = match user {
-        Some(u) => u,
+    let user = match existing {
+        Some(u) => {
+            tracing::info!(target: "oidc", username = %u.login, "SSO login: existing user");
+            u
+        }
        None => {
+            tracing::info!(target: "oidc", username = %preferred_username, "SSO login: creating new user");
            let mut new_user = User {
                id: Auto::auto(),
                login: preferred_username.clone(),
@@ -786,19 +790,35 @@ async fn oidc_callback(request: Request, session: Session, db: Database) -> cot:
                updated_at: now_utc(),
            };
            new_user.save(&db).await?;
-            new_user
+            // Re-query to get the DB-assigned id (Auto::auto() may not be
+            // populated in the struct after save)
+            let login2 = preferred_username.clone();
+            match query!(User, $login == login2).get(&db).await? {
+                Some(u) => {
+                    tracing::info!(target: "oidc", username = %u.login, id = ?u.id, "SSO login: new user created and fetched");
+                    u
+                }
+                None => {
+                    tracing::error!(target: "oidc", username = %preferred_username, "SSO login: user not found after creation");
+                    return Redirect::new(fail("sso")).into_response();
+                }
+            }
        }
    };

    if user.status != "active" {
+        tracing::warn!(target: "oidc", username = %user.login, status = %user.status, "SSO login: user disabled");
        return Redirect::new(fail("sso_disabled")).into_response();
    }

    let display = user
        .display_name
        .as_deref()
+        .filter(|s| !s.is_empty())
        .unwrap_or(&user.login)
        .to_string();
+
+    tracing::info!(target: "oidc", username = %user.login, display = %display, "SSO login: session established");
    session.insert(SESSION_USER_ID, user.id.unwrap()).await?;
    session.insert(SESSION_USER_NAME, display).await?;