
add Auto Sign Up feature

ryanlong requested to merge auto_sign_up into main

Created by: deepakduggirala

Description

The Auto Sign Up feature allows new users to be automatically created when they attempt to log in with an authentication provider. This feature simplifies the user onboarding process but comes with potential security risks. It is suitable for demo purposes. This feature can be disabled through config (api/config/default.json).

"auto_sign_up": {
      "enabled": false,
      "default_role": "user"
}

The role for the created users can be configured using auto_sign_up.default_role. Care must be taken when setting this value to operator or admin to make sure this is only done with demo instances and a trusted audience. Added a warning log when auto sign up is enabled, indicating the default role and potential security risks.

Workflow

The auto sign-up process follows these steps:

  1. Find user by attribute key and value

    • The system attempts to locate an existing user using a specified attribute key (e.g., email, username) and value provided by the authentication provider.
  2. If a user is found:

    • If the user is active, return the user object.
    • If the user is not active, return null.
  3. If no user is found:

    • If auto sign-up is enabled:
      • Create a new user using the data provided by the authentication provider.
      • If the inferred username conflicts with an existing username, append a random string to resolve the conflict.
      • Return the newly created user object.
    • If auto sign-up is not enabled:
      • Return null.

Examples

Example 1: Existing Active User

  1. User logs in with OAuth provider using email = user@example.com.
  2. The system finds an active user with this email.
  3. The user is authenticated and logged in successfully.

Example 2: Existing Inactive User

  1. User logs in with OAuth provider using email = user@example.com.
  2. The system finds a user with this email, but the user is inactive.
  3. The system returns null → User cannot log in.

Example 3: New User with Auto Sign-Up Enabled

  1. User logs in with OAuth provider using email = newuser@example.com.
  2. The system does not find an existing user.
  3. Auto sign-up is enabled:
    • A new user is created with the provided email.
    • If the inferred username conflicts, a random string is appended.
  4. The new user is authenticated and logged in.

Example 4: New User with Auto Sign-Up Disabled

  1. User logs in with OAuth provider using email = newuser@example.com.
  2. The system does not find an existing user.
  3. Auto sign-up is disabled:
    • The system returns null → User cannot log in.

Changes Made

List the main changes made in this PR. Be as specific as possible.

  • Feature added
  • Bug fixed
  • Code refactored
  • Tests changed
  • Documentation updated
  • Other changes: [describe]

Checklist

Before submitting this PR, please make sure that:

  • Your code passes linting and coding style checks.
  • Documentation has been updated to reflect the changes.
  • You have reviewed your own code and resolved any merge conflicts.
  • You have requested a review from at least one team member.
  • Any relevant issue(s) have been linked to this PR.
