feat: openid connect support (#2873)

2026-01-19 14:19:48 +00:00 · 2024-03-12 17:40:07 +00:00
--- a/app/views/users/_form.html.haml
+++ b/app/views/users/_form.html.haml
@@ -11,11 +11,25 @@
      .fieldSet__input= f.text_field :last_name, :class => 'input input--text'
    .fieldSet__field
      = f.label :email_address, :class => 'fieldSet__label'
-      .fieldSet__input= f.text_field :email_address, :class => 'input input--text', autocomplete: 'one-time-code'
-    - unless @user.persisted?
+      .fieldSet__input
+        = f.text_field :email_address, :class => 'input input--text', autocomplete: 'one-time-code'
+        - if Postal::Config.oidc.enabled?
+          %p.fieldSet__text
+            This e-mail address should match the address provided by your OpenID Connect identity provider.
+
+    
+    - if Postal::Config.oidc.local_authentication_enabled? && !@user.persisted?
      .fieldSet__field
        = f.label :password, :class => 'fieldSet__label'
-        .fieldSet__input= f.password_field :password, :class => 'input input--text', :placeholder => '•••••••••••', autocomplete: 'one-time-code'
+        .fieldSet__input
+          = f.password_field :password, :class => 'input input--text', :placeholder => '•••••••••••', autocomplete: 'one-time-code'
+          - if Postal::Config.oidc.enabled?
+            %p.fieldSet__text
+              You have enabled OIDC which means a password is not required. If you do not provide
+              a password this user will be matched to an OIDC identity based on the e-mail address
+              provided above. You may, however, enter a password and this user will be permitted to
+              use that password until they have successfully logged in with OIDC.
+        
      .fieldSet__field
        = f.label :password_confirmation, "Confirm".html_safe, :class => 'fieldSet__label'
        .fieldSet__input= f.password_field :password_confirmation, :class => 'input input--text', :placeholder => '•••••••••••', autocomplete: 'one-time-code'
--- a/app/views/users/index.html.haml
+++ b/app/views/users/index.html.haml
@@ -7,15 +7,20 @@
  %ul.userList.u-margin
    - for user in @users
      %li.userList__item
-        = image_tag user.avatar_url, :class => 'userList__avatar'
        .userList__details
          %p.userList__name
            = user.name
            - if user.admin?
-              %span.userList__admin.label Admin
+              %span.userList__tag.label.label--blue Admin
+            - if Postal::Config.oidc.enabled?
+              - if user.oidc?
+                %span.userList__tag.label.label--green OIDC
+              - elsif !Postal::Config.oidc.local_authentication_enabled?
+                %span.userList__tag.label.label--orange Pending
+              
          %p.userList__email= user.email_address
        %ul.userList__actions
-          %li= link_to "Edit permissions", [:edit, user]
+          %li= link_to "Edit user", [:edit, user]
          %li= link_to "Delete user", user, :method => :delete, :data => {:confirm => "Are you sure you wish to revoke #{user.name}'s access?", :disable_with => "Deleting..."}, :remote => true, :class => 'userList__revoke'

  %p.u-center= link_to "Add a new user", :new_user, :class => 'button button--positive'