From 12db5e285e3f6e57f8de55cd954291a808775ba6 Mon Sep 17 00:00:00 2001
From: michaeljguarino <mjg@plural.sh>
Date: Tue, 17 Sep 2024 00:00:50 -0400
Subject: [PATCH] Fix sso login

The login method validation technically fails for SSO (which means us lol).  We can trust that login source better than other 3p
auth providers so don't validate login method there.
---
 apps/core/lib/core/services/users.ex   |  6 +++---
 apps/core/test/services/users_test.exs | 12 ++++++++++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/apps/core/lib/core/services/users.ex b/apps/core/lib/core/services/users.ex
index d01a9978c..b0d765adc 100644
--- a/apps/core/lib/core/services/users.ex
+++ b/apps/core/lib/core/services/users.ex
@@ -367,13 +367,13 @@ defmodule Core.Services.Users do
   """
   @spec bootstrap_user(Core.OAuth.method, map) :: user_resp
   def bootstrap_user(service, %{email: email} = attrs) do
-    case get_user_by_email(email) do
-      nil ->
+    case {service, get_user_by_email(email)} do
+      {_, nil} ->
         attrs
         |> Map.merge(login_args(service))
         |> Map.put(:password, Ecto.UUID.generate())
         |> create_user()
-      %User{login_method: ^service} = user ->
+      {service, %User{login_method: svc} = user} when service == :sso or service == svc ->
         update_user(login_args(service), user)
       _ -> {:error, "you don't have login with #{service} enabled"}
     end
diff --git a/apps/core/test/services/users_test.exs b/apps/core/test/services/users_test.exs
index 8caa07b93..f610408ca 100644
--- a/apps/core/test/services/users_test.exs
+++ b/apps/core/test/services/users_test.exs
@@ -514,7 +514,7 @@ defmodule Core.Services.UsersTest do
     end
   end
 
-  describe "#bootstrap_users/2" do
+  describe "#bootstrap_user/2" do
     test "it will create new users and set login method" do
       {:ok, user} = Users.bootstrap_user(:google, %{email: "someone@gmail.com", name: "New User"})
 
@@ -532,11 +532,19 @@ defmodule Core.Services.UsersTest do
       assert upd.login_method == :google
     end
 
-    test "it will not allow logins w/o login method set" do
+    test "it will not allow logins w/o correct login method set" do
       user = insert(:user)
 
       {:error, _} = Users.bootstrap_user(:google, %{email: user.email})
     end
+
+    test "it will allow sso logins w/ whatever login method set" do
+      user = insert(:user)
+
+      {:ok, upd} = Users.bootstrap_user(:sso, %{email: user.email})
+
+      assert upd.id == user.id
+    end
   end
 
   describe "#create_trust_relationship" do