fix pending users approval

logic/users.go

@@ -137,8 +137,6 @@ func InsertUserInvite(invite models.UserInvite) error {
 	return database.Insert(invite.Email, string(data), database.USER_INVITES_TABLE_NAME)
 }
 
-func ImportGroupsFromInvite() {}
-
 func GetUserInvite(email string) (in models.UserInvite, err error) {
 	d, err := database.FetchRecord(database.USER_INVITES_TABLE_NAME, email)
 	if err != nil {

pro/auth/azure-ad.go

@@ -67,10 +67,7 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthNotConfigured(w)
 		return
 	}
-	if !isEmailAllowed(content.UserPrincipalName) {
-		handleOauthUserNotAllowedToSignUp(w)
-		return
-	}
+
 	var inviteExists bool
 	// check if invite exists for User
 	in, err := logic.GetUserInvite(content.UserPrincipalName)
@@ -100,6 +97,10 @@ func handleAzureCallback(w http.ResponseWriter, r *http.Request) {
 				logic.DeleteUserInvite(user.UserName)
 				logic.DeletePendingUser(content.UserPrincipalName)
 			} else {
+				if !isEmailAllowed(content.UserPrincipalName) {
+					handleOauthUserNotAllowedToSignUp(w)
+					return
+				}
 				err = logic.InsertPendingUser(&models.User{
 					UserName: content.UserPrincipalName,
 				})

pro/auth/github.go

@@ -67,10 +67,7 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthNotConfigured(w)
 		return
 	}
-	if !isEmailAllowed(content.Login) {
-		handleOauthUserNotAllowedToSignUp(w)
-		return
-	}
+
 	var inviteExists bool
 	// check if invite exists for User
 	in, err := logic.GetUserInvite(content.Login)
@@ -99,6 +96,10 @@ func handleGithubCallback(w http.ResponseWriter, r *http.Request) {
 				logic.DeleteUserInvite(user.UserName)
 				logic.DeletePendingUser(content.Login)
 			} else {
+				if !isEmailAllowed(content.Login) {
+					handleOauthUserNotAllowedToSignUp(w)
+					return
+				}
 				err = logic.InsertPendingUser(&models.User{
 					UserName: content.Login,
 				})

pro/auth/google.go

@@ -70,10 +70,7 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	logger.Log(0, "CALLBACK ----> 1")
-	if !isEmailAllowed(content.Email) {
-		handleOauthUserNotAllowedToSignUp(w)
-		return
-	}
+
 	logger.Log(0, "CALLBACK ----> 2")
 	var inviteExists bool
 	// check if invite exists for User
@@ -107,6 +104,10 @@ func handleGoogleCallback(w http.ResponseWriter, r *http.Request) {
 				logic.DeleteUserInvite(user.UserName)
 				logic.DeletePendingUser(content.Email)
 			} else {
+				if !isEmailAllowed(content.Email) {
+					handleOauthUserNotAllowedToSignUp(w)
+					return
+				}
 				err = logic.InsertPendingUser(&models.User{
 					UserName: content.Email,
 				})

pro/auth/oidc.go

@@ -80,10 +80,7 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 		handleOauthNotConfigured(w)
 		return
 	}
-	if !isEmailAllowed(content.Email) {
-		handleOauthUserNotAllowedToSignUp(w)
-		return
-	}
+
 	var inviteExists bool
 	// check if invite exists for User
 	in, err := logic.GetUserInvite(content.Login)
@@ -112,6 +109,10 @@ func handleOIDCCallback(w http.ResponseWriter, r *http.Request) {
 				logic.DeleteUserInvite(user.UserName)
 				logic.DeletePendingUser(content.Email)
 			} else {
+				if !isEmailAllowed(content.Email) {
+					handleOauthUserNotAllowedToSignUp(w)
+					return
+				}
 				err = logic.InsertPendingUser(&models.User{
 					UserName: content.Email,
 				})

pro/controllers/users.go

@@ -1237,8 +1237,9 @@ func approvePendingUser(w http.ResponseWriter, r *http.Request) {
 				return
 			}
 			if err = logic.CreateUser(&models.User{
-				UserName: user.UserName,
-				Password: newPass,
+				UserName:       user.UserName,
+				Password:       newPass,
+				PlatformRoleID: models.ServiceUser,
 			}); err != nil {
 				logic.ReturnErrorResponse(w, r, logic.FormatError(fmt.Errorf("failed to create user: %s", err), "internal"))
 				return