( r *http.Request, db *storage.Connection, userData *provider.UserProvidedData, providerType string, )
| 50 | } |
| 51 | |
| 52 | func (a *API) triggerBeforeUserCreatedExternal( |
| 53 | r *http.Request, |
| 54 | db *storage.Connection, |
| 55 | userData *provider.UserProvidedData, |
| 56 | providerType string, |
| 57 | ) error { |
| 58 | if !a.hooksMgr.Enabled(v0hooks.BeforeUserCreated) { |
| 59 | return nil |
| 60 | } |
| 61 | if err := checkTX(db); err != nil { |
| 62 | return err |
| 63 | } |
| 64 | |
| 65 | ctx := r.Context() |
| 66 | aud := a.requestAud(ctx, r) |
| 67 | config := a.config |
| 68 | |
| 69 | var identityData map[string]interface{} |
| 70 | if userData.Metadata != nil { |
| 71 | identityData = structs.Map(userData.Metadata) |
| 72 | } |
| 73 | |
| 74 | var ( |
| 75 | err error |
| 76 | decision models.AccountLinkingResult |
| 77 | ) |
| 78 | err = db.Transaction(func(tx *storage.Connection) error { |
| 79 | decision, err = models.DetermineAccountLinking( |
| 80 | tx, config, userData.Emails, aud, |
| 81 | providerType, userData.Metadata.Subject) |
| 82 | if err != nil { |
| 83 | return err |
| 84 | } |
| 85 | return nil |
| 86 | }) |
| 87 | if err != nil { |
| 88 | return err |
| 89 | } |
| 90 | |
| 91 | if decision.Decision != models.CreateAccount { |
| 92 | return nil |
| 93 | } |
| 94 | if config.DisableSignup { |
| 95 | return apierrors.NewUnprocessableEntityError( |
| 96 | apierrors.ErrorCodeSignupDisabled, |
| 97 | "Signups not allowed for this instance") |
| 98 | } |
| 99 | |
| 100 | params := &SignupParams{ |
| 101 | Provider: providerType, |
| 102 | Email: decision.CandidateEmail.Email, |
| 103 | Aud: aud, |
| 104 | Data: identityData, |
| 105 | } |
| 106 | |
| 107 | isSSOUser := false |
| 108 | if strings.HasPrefix(decision.LinkingDomain, "sso:") { |
| 109 | isSSOUser = true |
no test coverage detected