New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

implement social auto registration feature #966

Merged
merged 4 commits into from Sep 21, 2018

Conversation

3 participants
@ibrahimennafaa
Contributor

ibrahimennafaa commented Aug 16, 2018

Related to #574

I added a setting to allow auto silent registration of user when social auth is used.

Few things to be aware of:

  • enabling this setting would disable email verification for social auth but it's described under the setting + I think email verification for social auth is useless.
  • if domain restriction is enabled => the auto social registration process respect it.
    Missing: translation & probably better wording (my english is not perfect)

Missing: check of wording + translations

@ibrahimennafaa

This comment has been minimized.

Contributor

ibrahimennafaa commented Aug 21, 2018

Anyone would like to review this? @Abijeet @ssddanbrown happy to discuss

@ChrisMcKee

This comment has been minimized.

ChrisMcKee commented Aug 22, 2018

Sounds good; would be handy if you could restrict to only allow registration from social auth (restricts control of authentication to your github org or as configured in azure)

@ssddanbrown ssddanbrown merged commit d2f5313 into BookStackApp:master Sep 21, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@ssddanbrown ssddanbrown added this to the BookStack Beta v0.24.0 milestone Sep 21, 2018

@ssddanbrown

This comment has been minimized.

Member

ssddanbrown commented Sep 21, 2018

Thank you for this pull request @ibrahimennafaa. It is now merged although be aware I have made some changes to the system since which can be seen here:
e60d11e

I thought there's quite a good chance that trust in a social service may differ between services so admins may want more control over this kind of registration logic. Therefore I changed the global setting in the interface for a set of .env options.

For each $service you can now set a {$service}_AUTO_REGISTER and a {$service}_AUTO_CONFIRM_EMAIL option your .env file.

  • AUTO_REGISTER will allow registration from login, even if registration
    is disabled.
  • AUTO_CONFIRM_EMAIL indicates trust and will mark new registrants as
    'email_confirmed' and skip 'confirmation email' flow.

As part of my updates I also removed the additional registration logic from the SocialAuthService to reduce duplication so now send users down the normal registration flow at the controller-level.

Massive thanks for getting this started, Will be in the next release which I'm hoping will be done in the next few days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment