Hi developers & maintainers,
Thanks for keeping this plugin update-to-date 👍
I have a proposal on whether we could verify users from SSO.
There is already a related topic has been discussed in NodeBB community already, but there is still a small problem.
Problem & scenario
Example if the user uses SSO to log in. As an admin, I would like to find that user from ACP, e.g: to delete account.
I search for that email address and no user found. I checked the logic from NodeBB core and it's seems that this logic cannot trigger user object creation.
If I go to the user profile, also no email history is found!
Suggestion (or what I've done)
From this plugin, we could properly write auth logic here. Let's say I would tell user to verify themself first:
if(typeof data.email_verified === "undefined" || data.email_verified === false) { var err_a = new Error('Email address is not verified'); err_a.loginheader = 'Your email address has not yet been verified.' err_a.logintext = 'Check your email for further instructions. <a href="'+config.login_domain+'/confirm_resend?redirect_uri='+config.url+'/login">Resend the instructions to your email</a>'; console.log(err_a) return callback(err_a, null); }
Eventually, it makes sense that we should verify them as a verified user here by adding below code.
await User.setUserField(uid, 'email', payload.email); await UserEmail.confirmByUid(uid);
Now if the user enters the Forum, new joiners got email verified and also we could find him from ACP.
P/s: I'm not sure whether this improvement should be done from NodeBB core, or even here...It's open discussion.
I used NodeBB 2.8.0 with the latest SSO plugin.