feat: unregistered user gets error message

Author: rrd108

playground/pages/login.vue

@@ -1,7 +1,25 @@
 <script setup>
 import { useAuthentication } from '#imports'
+import { ref, onMounted } from 'vue'
+import { useRoute } from 'vue-router'
 
 const { login } = useAuthentication()
+const route = useRoute()
+const oauthError = ref('')
+
+const errorMessages = {
+  oauth_failed: 'Authentication failed. Please try again.',
+  user_not_registered: 'You are not registered. Please contact an administrator or register first.',
+  account_inactive: 'Your account is inactive. Please contact support.',
+  oauth_not_configured: 'OAuth is not properly configured.'
+}
+
+onMounted(() => {
+  const errorParam = route.query.error
+  if (errorParam && errorMessages[errorParam]) {
+    oauthError.value = errorMessages[errorParam]
+  }
+})
 
 const handleSuccess = (user, rememberMe) => {
   console.log('[Nuxt Users] Login successful:', user, 'Remember me:', rememberMe)
@@ -22,6 +40,11 @@ const handleSubmit = (data) => {
 
 const handleGoogleLogin = () => {
   console.log('[Nuxt Users] Starting Google OAuth flow')
+  oauthError.value = '' // Clear any existing errors
+}
+
+const dismissError = () => {
+  oauthError.value = ''
 }
 </script>
 
@@ -36,7 +59,14 @@ const handleGoogleLogin = () => {
 
     <div class="demo-section">
       <h2>Login Component Demo</h2>
-      <p>Login with: rrd@webmania.cc / 123</p>
+    </div>
+
+    <div v-if="oauthError" class="error-banner">
+      <div class="error-content">
+        <span class="error-icon">⚠️</span>
+        <span class="error-message">{{ oauthError }}</span>
+        <button class="error-dismiss" @click="dismissError">✕</button>
+      </div>
     </div>
 
     <NUsersLoginForm
@@ -152,6 +182,65 @@ nav a {
   margin: 0 auto;
 }
 
+.error-banner {
+  margin: 1rem 0;
+  padding: 1rem;
+  background-color: #fef2f2;
+  border: 1px solid #fecaca;
+  border-radius: 8px;
+  animation: slideDown 0.3s ease-out;
+}
+
+@keyframes slideDown {
+  from {
+    opacity: 0;
+    transform: translateY(-10px);
+  }
+  to {
+    opacity: 1;
+    transform: translateY(0);
+  }
+}
+
+.error-content {
+  display: flex;
+  align-items: center;
+  gap: 0.75rem;
+}
+
+.error-icon {
+  font-size: 1.25rem;
+  flex-shrink: 0;
+}
+
+.error-message {
+  flex: 1;
+  color: #991b1b;
+  font-size: 0.875rem;
+  font-weight: 500;
+}
+
+.error-dismiss {
+  background: none;
+  border: none;
+  color: #991b1b;
+  cursor: pointer;
+  font-size: 1.25rem;
+  padding: 0;
+  width: 1.5rem;
+  height: 1.5rem;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  border-radius: 4px;
+  transition: background-color 0.2s;
+  flex-shrink: 0;
+}
+
+.error-dismiss:hover {
+  background-color: #fee2e2;
+}
+
 /* Responsive design */
 @media (max-width: 48rem) {
   .demo-container {

src/cli/add-google-oauth-fields.ts

@@ -24,14 +24,19 @@ export default defineCommand({
         const columnNames = tableInfo.rows.map(row => row.name)
 
         if (!columnNames.includes('google_id')) {
-          await db.sql`ALTER TABLE {${tableName}} ADD COLUMN google_id TEXT UNIQUE`
+          await db.sql`ALTER TABLE {${tableName}} ADD COLUMN google_id TEXT`
           console.log('[Nuxt Users] Added google_id column to SQLite users table ✅')
         }
 
         if (!columnNames.includes('profile_picture')) {
           await db.sql`ALTER TABLE {${tableName}} ADD COLUMN profile_picture TEXT`
           console.log('[Nuxt Users] Added profile_picture column to SQLite users table ✅')
         }
+
+        if (!columnNames.includes('last_login_at')) {
+          await db.sql`ALTER TABLE {${tableName}} ADD COLUMN last_login_at DATETIME`
+          console.log('[Nuxt Users] Added last_login_at column to SQLite users table ✅')
+        }
       }
 
       if (connectorName === 'mysql') {

src/runtime/server/api/nuxt-users/auth/google/callback.get.ts

@@ -1,11 +1,12 @@
-import { defineEventHandler, sendRedirect, createError, getQuery, setCookie } from 'h3'
+import { defineEventHandler, sendRedirect, getQuery, setCookie } from 'h3'
 import type { ModuleOptions } from 'nuxt-users/utils'
 import { useRuntimeConfig } from '#imports'
-import { 
-  createGoogleOAuth2Client, 
-  getGoogleUserFromCode, 
+import type { H3Event } from 'h3'
+import {
+  createGoogleOAuth2Client,
+  getGoogleUserFromCode,
   findOrCreateGoogleUser,
-  createAuthTokenForUser 
+  createAuthTokenForUser
 } from '../../../../utils/google-oauth'
 
 export default defineEventHandler(async (event) => {
@@ -15,7 +16,7 @@ export default defineEventHandler(async (event) => {
 
   // Check if Google OAuth is configured
   if (!options.auth.google) {
-    return sendRedirect(event, options.auth.google?.errorRedirect || '/login?error=oauth_not_configured')
+    return sendRedirect(event, '/login?error=oauth_not_configured')
   }
 
   // Handle OAuth errors
@@ -47,6 +48,13 @@ export default defineEventHandler(async (event) => {
     // Find or create user in database
     const user = await findOrCreateGoogleUser(googleUser, options)
 
+    // Check if user was not found and auto-registration is disabled
+    if (!user) {
+      console.warn(`[Nuxt Users] User not registered attempted Google OAuth login: ${googleUser.email}`)
+      const errorRedirect = options.auth.google.errorRedirect || '/login?error=user_not_registered'
+      return sendRedirect(event, errorRedirect)
+    }
+
     // Check if user account is active
     if (!user.active) {
       console.warn(`[Nuxt Users] Inactive user attempted Google OAuth login: ${user.email}`)
@@ -68,32 +76,23 @@ export default defineEventHandler(async (event) => {
 
     setCookie(event, 'auth_token', token, cookieOptions)
 
-    // Update last login time
-    const { useDb } = await import('../../../../utils/db')
-    const db = await useDb(options)
-    await db.sql`
-      UPDATE {${options.tables.users}} 
-      SET last_login_at = CURRENT_TIMESTAMP 
-      WHERE id = ${user.id}
-    `
-
     console.log(`[Nuxt Users] Google OAuth login successful for user: ${user.email}`)
 
     // Redirect to success page
     const successRedirect = options.auth.google.successRedirect || '/'
     return sendRedirect(event, successRedirect)
-
-  } catch (error) {
+  }
+  catch (error) {
     console.error('[Nuxt Users] Google OAuth callback error:', error)
     const errorRedirect = options.auth.google?.errorRedirect || '/login?error=oauth_failed'
     return sendRedirect(event, errorRedirect)
   }
 })
 
 // Helper function to get request URL
-function getRequestURL(event: any) {
+const getRequestURL = (event: H3Event) => {
   const headers = event.node.req.headers
   const host = headers.host || headers[':authority']
-  const protocol = headers['x-forwarded-proto'] || (event.node.req.socket?.encrypted ? 'https' : 'http')
+  const protocol = headers['x-forwarded-proto'] || 'https'
   return new URL(`${protocol}://${host}`)
-}
+}

src/runtime/server/utils/add-google-oauth-fields.ts

@@ -11,7 +11,7 @@ export const addGoogleOauthFields = async (options: ModuleOptions) => {
   if (connectorName === 'sqlite' || connectorName === 'mysql' || connectorName === 'postgresql') {
     // Try to add the columns, ignore errors if they already exist
     try {
-      await db.sql`ALTER TABLE {${tableName}} ADD COLUMN google_id TEXT UNIQUE`
+      await db.sql`ALTER TABLE {${tableName}} ADD COLUMN google_id TEXT`
       console.log('[Nuxt Users] Added google_id column ✅')
     }
     catch (error) {

src/runtime/server/utils/google-oauth.ts

@@ -74,9 +74,10 @@ export async function generateSecurePassword(): Promise<string> {
 export async function findOrCreateGoogleUser(
   googleUser: GoogleUserInfo, 
   moduleOptions: ModuleOptions
-): Promise<User> {
+): Promise<User | null> {
   const db = await useDb(moduleOptions)
   const usersTable = moduleOptions.tables.users
+  const allowAutoRegistration = moduleOptions.auth.google?.allowAutoRegistration ?? false
 
   // First, try to find existing user by google_id
   let userResult = await db.sql`
@@ -122,6 +123,11 @@ export async function findOrCreateGoogleUser(
     return user
   }
 
+  // Check if auto-registration is allowed
+  if (!allowAutoRegistration) {
+    return null
+  }
+
   // Create new user
   const securePassword = await generateSecurePassword()
 

src/types.ts

@@ -44,6 +44,12 @@ export interface GoogleOAuthOptions {
    * @default ['openid', 'profile', 'email']
    */
   scopes?: string[]
+  /**
+   * Allow automatic user registration when logging in with Google for the first time
+   * If false, only existing users with matching email can log in with Google
+   * @default false
+   */
+  allowAutoRegistration?: boolean
 }
 
 export interface RuntimeModuleOptions {