Check if access requests are enabled before redirecting to auth provi…

…der (#62376)
sourcegraph · May 2, 2024 · a217a6a · a217a6a
1 parent 269e301
commit a217a6a
Show file tree

Hide file tree

Showing 4 changed files with 144 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -43,6 +43,7 @@ All notable changes to Sourcegraph are documented in this file.
 - Pinned code intel popovers and popovers opened via the keyboard are properly shown again. [#61966](https://github.com/sourcegraph/sourcegraph/pull/61966)
 - Syntax highlighting works correctly for JSX files. [#62027](https://github.com/sourcegraph/sourcegraph/pull/62027)
 - Changesets with a skipped CI check are now incorrectly displayed in the Batch Changes UI. [#62204](https://github.com/sourcegraph/sourcegraph/pull/62204)
+- Fixed the Sourcegraph login page auto-redirecting to the single auth provider when request access is enabled. [#62376](https://github.com/sourcegraph/sourcegraph/pull/62376)
 
 ## 5.3.12303
 

diff --git a/client/web/src/auth/SignInPage.test.tsx b/client/web/src/auth/SignInPage.test.tsx
@@ -62,6 +62,7 @@ describe('SignInPage', () => {
             sourcegraphDotComMode?: SourcegraphContext['sourcegraphDotComMode']
             allowSignup?: SourcegraphContext['allowSignup']
             primaryLoginProvidersCount?: SourcegraphContext['primaryLoginProvidersCount']
+            authAccessRequest?: SourcegraphContext['authAccessRequest']
         }
     ) =>
         renderWithBrandedContext(
@@ -78,6 +79,7 @@ describe('SignInPage', () => {
                                 resetPasswordEnabled: true,
                                 xhrHeaders: {},
                                 primaryLoginProvidersCount: props.primaryLoginProvidersCount ?? 5,
+                                authAccessRequest: props.authAccessRequest,
                             }}
                             telemetryRecorder={noOpTelemetryRecorder}
                         />
@@ -228,6 +230,45 @@ describe('SignInPage', () => {
         expect(render('/sign-in', { authenticatedUser: mockUser }).asFragment()).toMatchSnapshot()
     })
 
+    it('renders redirect when there is only 1 auth provider', () => {
+        const withGitHubProvider: SourcegraphContext['authProviders'] = [
+            {
+                serviceType: 'github',
+                displayName: 'GitHub',
+                isBuiltin: false,
+                authenticationURL: 'http://localhost/.auth/gitlab/login?pc=f00bar&returnTo=%2Fsearch',
+                serviceID: 'https://github.com',
+                clientID: '1234',
+                noSignIn: false,
+            },
+        ]
+
+        expect(render('/sign-in', { authProviders: withGitHubProvider }).asFragment()).toMatchSnapshot()
+    })
+
+    it('does not render redirect when there is only 1 auth provider with request access enabled', () => {
+        const withGitHubProvider: SourcegraphContext['authProviders'] = [
+            {
+                serviceType: 'github',
+                displayName: 'GitHub',
+                isBuiltin: false,
+                authenticationURL: 'http://localhost/.auth/gitlab/login?pc=f00bar&returnTo=%2Fsearch',
+                serviceID: 'https://github.com',
+                clientID: '1234',
+                noSignIn: false,
+            },
+        ]
+
+        expect(
+            render('/sign-in', {
+                authProviders: withGitHubProvider,
+                authAccessRequest: { enabled: true },
+                allowSignup: false,
+                sourcegraphDotComMode: false,
+            }).asFragment()
+        ).toMatchSnapshot()
+    })
+
     it('renders different prefix on provider buttons', () => {
         const providers = authProviders.map(provider => ({ ...provider, displayPrefix: 'Just login through' }))
 

diff --git a/client/web/src/auth/SignInPage.tsx b/client/web/src/auth/SignInPage.tsx
@@ -86,8 +86,8 @@ export const SignInPage: React.FunctionComponent<React.PropsWithChildren<SignInP
     }
 
     const thirdPartyAuthProviders = nonBuiltinAuthProviders.filter(provider => shouldShowProvider(provider))
-    // If there is only one auth provider that is going to be displayed, we want to redirect to it directly.
-    if (thirdPartyAuthProviders.length === 1 && !builtInAuthProvider) {
+    // If there is only one auth provider that is going to be displayed, and request access is disabled, we want to redirect to the auth provider directly.
+    if (thirdPartyAuthProviders.length === 1 && !builtInAuthProvider && !isRequestAccessAllowed) {
         // Add '?returnTo=' + encodeURIComponent(returnTo) to thirdPartyAuthProviders[0].authenticationURL in a safe way.
         const redirectUrl = new URL(thirdPartyAuthProviders[0].authenticationURL, window.location.href)
         if (returnTo) {

diff --git a/client/web/src/auth/__snapshots__/SignInPage.test.tsx.snap b/client/web/src/auth/__snapshots__/SignInPage.test.tsx.snap