forked from Nixius/authelia
Show welcome page for any user not yet in customers group
Previously, users already in LDAP but not yet activated (e.g. webhook created the user, or lapsed sub) were redirected to the auth-gated dashboard. Now only active customers (in 'customers' group) skip the welcome page — everyone else sees onboarding with password reset. Made-with: Cursor
This commit is contained in:
parent
c7d19ed20d
commit
aa1201560d
SSH Key Fingerprint:
SHA256:nRPCQTeMFLdGytxRQmPVK9VXY3/ePKQ5lGRyJhT5DY8
|
|
@ -72,30 +72,17 @@ func (a *App) handleSuccess(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
// Check if user is already an active customer (resubscribe case)
|
||||
inGroup, _ := a.ldap.IsInGroup(result.Username, "customers")
|
||||
if inGroup {
|
||||
// Returning customer: ensure stack exists, go to dashboard
|
||||
stackName := fmt.Sprintf("customer-%s", result.Username)
|
||||
exists, _ := a.swarm.StackExists(stackName)
|
||||
if !exists {
|
||||
if err := a.swarm.DeployStack(stackName, result.Username, a.cfg.TraefikDomain); err != nil {
|
||||
log.Printf("resubscribe: stack deploy failed for %s: %v", result.Username, err)
|
||||
}
|
||||
}
|
||||
log.Printf("resubscribe: %s payment verified, redirecting to dashboard", result.Username)
|
||||
http.Redirect(w, r, a.cfg.AppURL+"/dashboard", http.StatusSeeOther)
|
||||
return
|
||||
}
|
||||
|
||||
if result.IsNew || !inGroup {
|
||||
// New or lapsed customer: send password setup email, show onboarding.
|
||||
// Group membership and stack deploy happen on /activate after they set a password.
|
||||
// Group membership and stack deploy happen on /activate after they log in.
|
||||
if err := a.triggerPasswordReset(result.Username); err != nil {
|
||||
log.Printf("authelia reset trigger failed for %s: %v", username, err)
|
||||
}
|
||||
data := map[string]any{
|
||||
"Username": result.Username,
|
||||
"IsNew": true,
|
||||
"IsNew": result.IsNew,
|
||||
"Email": email,
|
||||
"LoginURL": a.cfg.AutheliaURL,
|
||||
"ResetURL": a.cfg.AutheliaURL + "/#/reset-password/step1",
|
||||
|
|
@ -107,6 +94,19 @@ func (a *App) handleSuccess(w http.ResponseWriter, r *http.Request) {
|
|||
log.Printf("template error: %v", err)
|
||||
http.Error(w, "internal error", http.StatusInternalServerError)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
// Returning active customer: ensure stack exists, go to dashboard
|
||||
stackName := fmt.Sprintf("customer-%s", result.Username)
|
||||
exists, _ := a.swarm.StackExists(stackName)
|
||||
if !exists {
|
||||
if err := a.swarm.DeployStack(stackName, result.Username, a.cfg.TraefikDomain); err != nil {
|
||||
log.Printf("resubscribe: stack deploy failed for %s: %v", result.Username, err)
|
||||
}
|
||||
}
|
||||
log.Printf("resubscribe: %s payment verified, redirecting to dashboard", result.Username)
|
||||
http.Redirect(w, r, a.cfg.AppURL+"/dashboard", http.StatusSeeOther)
|
||||
}
|
||||
|
||||
func (a *App) handlePortal(w http.ResponseWriter, r *http.Request) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue