fix: make sure AUTH_DISABLE_NEW_USERS is respected when using oauth (#…

…573) Fixes nhost/nhost#2914
nhost · Oct 11, 2024 · bbb97d4 · bbb97d4
1 parent 58dc724
commit bbb97d4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/src/routes/oauth/config.ts b/src/routes/oauth/config.ts
@@ -91,6 +91,9 @@ export const PROVIDERS_CONFIG: Record<
       client_id: process.env.AUTH_PROVIDER_AZUREAD_CLIENT_ID,
       client_secret: process.env.AUTH_PROVIDER_AZUREAD_CLIENT_SECRET,
       authorize_url: `${azureBaseUrl}/[subdomain]/oauth2/authorize`,
+      custom_params: {
+        prompt: 'select_account',
+      },
       access_url: `${azureBaseUrl}/[subdomain]/oauth2/token`,
       profile_url: `${azureBaseUrl}/[subdomain]/openid/userinfo`,
       subdomain: process.env.AUTH_PROVIDER_AZUREAD_TENANT || 'common',

diff --git a/src/routes/oauth/index.ts b/src/routes/oauth/index.ts
@@ -334,6 +334,7 @@ export const oauthProviders = Router()
         const userInput = await transformOauthProfile(profile, options);
         user = await insertUser({
           ...userInput,
+          disabled: ENV.AUTH_DISABLE_NEW_USERS,
           userProviders: {
             data: [
               {
@@ -349,6 +350,10 @@ export const oauthProviders = Router()
     }
 
     if (user) {
+      if (user.disabled) {
+        return sendError(res, 'disabled-user', { redirectTo }, true);
+      }
+
       const { refreshToken } = await getNewRefreshToken(user.id);
       // * redirect back user to app url
       return res.redirect(generateRedirectUrl(redirectTo, { refreshToken }));