Skip to content

feat(auth): add GitLab OAuth login and harden Google/GitHub sign-in#235

Merged
parth0025 merged 1 commit into
stagingfrom
feat/oauth-gitlab
Jun 11, 2026
Merged

feat(auth): add GitLab OAuth login and harden Google/GitHub sign-in#235
parth0025 merged 1 commit into
stagingfrom
feat/oauth-gitlab

Conversation

@parth0025

Copy link
Copy Markdown
Collaborator

What changed

Adds GitLab as a third social-login provider, and fixes the existing Google/GitHub login so server-side verification actually runs.

GitLab (new)

  • Modules/gitlabOAuth/ — authorization-code → token exchange (sends the redirect_uri GitLab requires).
  • verifyGitlabAuth in authHelpers.js — re-verifies the identity against GitLab /user before issuing a session; gitlab-signup endpoint for invitation signups; gitlabId added to the userAuth schema.
  • Frontend GitlabAuth.vue + tanuki icon, wired into the provider list (gated by VUE_APP_IS_GITLAB_LOGIN).
  • Self-managed GitLab supported via GITLAB_BASE_OAUTH_URL / GITLAB_BASE_API_URL.

Google / GitHub (fix)

  • The client now forwards the Google id-token and the GitHub access token, so the hardened backend verification path runs instead of rejecting every login.
  • The Google verifier accepts a single configured client id (GOOGLE_CLIENT_ID) rather than the orphaned GOOGLE_OAUTH_CLIENT_ID.
  • GitHub and GitLab both return via ?code=; each redirect handler now ignores the other provider''s code so they no longer collide.

Docs / tests

  • .env.example documents every OAuth var for all three providers.
  • .claude/test-cases/OAuthGoogleLogin.md, OAuthGithubLogin.md, OAuthGitlabLogin.md — manual test cases with the provider app-configuration steps, console URLs, and env-var tables.

Verification

  • ESLint clean on all changed frontend files; backend modules runtime-load with STORAGE_TYPE set; index.js syntax OK; jest suite passes.
  • Manually tested in the browser: Google, GitHub, and GitLab login all working (per the user); the three buttons render together.

No secrets are committed — .env / frontend/.env are gitignored; only the empty-placeholder .env.example is included.

🤖 Generated with Claude Code

Adds GitLab as a third social-login provider alongside Google and
GitHub: a token-exchange module, server-side identity verification
against GitLab /user, a gitlab-signup endpoint, the gitlabId field on
the auth record, and a GitLab button on the login and invitation pages.

Also reconciles the existing Google/GitHub flows so verification
actually runs: the client now forwards the Google id-token and the
GitHub/GitLab access token, the backend accepts a single configured
client id, and the GitHub/GitLab redirect handlers each ignore the
other provider's code so they no longer collide.

Manual test cases (with provider app-configuration steps and URLs) for
all three providers are added under .claude/test-cases.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jun 11, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: e6954ffd-f0a2-4fdd-8851-0da4bff09099

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/oauth-gitlab

Comment @coderabbitai help to get the list of available commands and usage tips.

@parth0025 parth0025 self-assigned this Jun 11, 2026
@parth0025 parth0025 added the enhancement New feature or request label Jun 11, 2026
@parth0025 parth0025 merged commit 65a66e7 into staging Jun 11, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant