fix(SSO): only allow SSO email when registering TASK-1493 #5478
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rgraber
changed the title
rgraber
changed the title
rgraber
changed the title
noliveleger
pushed a commit
that referenced
this pull request
Apr 4, 2025
### π£ Summary Do not allow SSO users to register with a different email then the one provided by the server. ### π Description Make the `email` field readonly when creating an account with SSO. ### π Notes This was originally a setting, but we've decided we want the field to always be read-only. In addition to the UI change, this PR also adds a validator on the email field to make sure that no one can register with a different email via a clever POST request. The error message will require translation. This should also fix TASK-1493. ### π Preview steps Bug template: 1. βΉοΈ Enable Kobo Google Apps SSO 2. On the login page, click `Create an account` -> `Register with SSO` -> `Log In` 3. Sign in to your Google account 4. π΄ [on main] Change the email field in the registration form and click 'Register and Save' 5. π΄ [on main] Go to Account Settings -> Security. Under the email address you'll see "Check your email <new_email>. A verification link has been sent to confirm your ownership. Once confirmed, this address will replace <correct_email>" 6. π’ [on PR] The email field is read-only
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ποΈ Checklist
<type>(<scope>)<!>: <title> TASK-1234frontendorbackendunless it's globalπ£ Summary
Do not allow SSO users to register with a different email then the one provided by the server.
π Description
Make the
emailfield readonly when creating an account with SSO.π Notes
This was originally a setting, but we've decided we want the field to always be read-only. In addition to the UI change, this PR also adds a validator on the email field to make sure that no one can register with a different email via a clever POST request. The error message will require translation.
This should also fix TASK-1493.
π Preview steps
Bug template:
Create an account->Register with SSO->Log In