Skip to content

Commit f98c89b

Browse files
brendan-kellambrendan-kellam
committed
Add back AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING. Change default to true
1 parent 6492abf commit f98c89b

File tree

3 files changed

+15
-18
lines changed

3 files changed

+15
-18
lines changed

docs/docs/configuration/environment-variables.mdx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ The following environment variables allow you to configure your Sourcebot deploy
4545
| `AUTH_EE_GCP_IAP_ENABLED` | `false` | <p>When enabled, allows Sourcebot to automatically register/login from a successful GCP IAP redirect</p> |
4646
| `AUTH_EE_GCP_IAP_AUDIENCE` | - | <p>The GCP IAP audience to use when verifying JWT tokens. Must be set to enable GCP IAP JIT provisioning</p> |
4747
| `EXPERIMENT_EE_PERMISSION_SYNC_ENABLED` | `false` | <p>Enables [permission syncing](/docs/features/permission-syncing).</p> |
48+
| `AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING` | `true` | <p>When enabled, different SSO accounts with the same email address will automatically be linked.</p> |
4849

4950

5051
### Review Agent Environment Variables

packages/shared/src/env.server.ts

Lines changed: 5 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -140,6 +140,11 @@ export const env = createEnv({
140140
AUTH_CREDENTIALS_LOGIN_ENABLED: booleanSchema.default('true'),
141141
AUTH_EMAIL_CODE_LOGIN_ENABLED: booleanSchema.default('false'),
142142

143+
// Enterprise Auth
144+
AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING:
145+
booleanSchema
146+
.default('true')
147+
.describe('When enabled, different SSO accounts with the same email address will automatically be linked.'),
143148

144149
AUTH_EE_GCP_IAP_ENABLED: booleanSchema.default('false'),
145150
AUTH_EE_GCP_IAP_AUDIENCE: z.string().optional(),
@@ -284,15 +289,6 @@ export const env = createEnv({
284289

285290
//// DEPRECATED ////
286291

287-
288-
/**
289-
* @deprecated This setting is deprecated. Email account linking is now always enabled.
290-
*/
291-
AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING:
292-
booleanSchema
293-
.default('false')
294-
.describe('This setting is deprecated. Email account linking is now always enabled.'),
295-
296292
/**
297293
* @deprecated This setting is deprecated. Please use the `identityProviders` section of the config file instead.
298294
*/

packages/web/src/ee/features/sso/sso.ts

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,7 @@ const createGitHubProvider = (clientId: string, clientSecret: string, baseUrl?:
156156
].join(' '),
157157
},
158158
},
159-
allowDangerousEmailAccountLinking: true,
159+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
160160
});
161161
}
162162

@@ -187,7 +187,7 @@ const createGitLabProvider = (clientId: string, clientSecret: string, baseUrl?:
187187
userinfo: {
188188
url: `${url}/api/v4/user`,
189189
},
190-
allowDangerousEmailAccountLinking: true,
190+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
191191
});
192192
}
193193

@@ -196,7 +196,7 @@ const createGoogleProvider = (clientId: string, clientSecret: string): Provider
196196
id: 'google' satisfies IdentityProviderType,
197197
clientId: clientId,
198198
clientSecret: clientSecret,
199-
allowDangerousEmailAccountLinking: true,
199+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
200200
});
201201
}
202202

@@ -206,7 +206,7 @@ const createOktaProvider = (clientId: string, clientSecret: string, issuer: stri
206206
clientId: clientId,
207207
clientSecret: clientSecret,
208208
issuer: issuer,
209-
allowDangerousEmailAccountLinking: true,
209+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
210210
});
211211
}
212212

@@ -216,7 +216,7 @@ const createKeycloakProvider = (clientId: string, clientSecret: string, issuer:
216216
clientId: clientId,
217217
clientSecret: clientSecret,
218218
issuer: issuer,
219-
allowDangerousEmailAccountLinking: true,
219+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
220220
});
221221
}
222222

@@ -226,7 +226,7 @@ const createMicrosoftEntraIDProvider = (clientId: string, clientSecret: string,
226226
clientId: clientId,
227227
clientSecret: clientSecret,
228228
issuer: issuer,
229-
allowDangerousEmailAccountLinking: true,
229+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
230230
});
231231
}
232232

@@ -249,7 +249,7 @@ const createBitbucketCloudProvider = (clientId: string, clientSecret: string): P
249249
].join(' '),
250250
},
251251
},
252-
allowDangerousEmailAccountLinking: true,
252+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
253253
});
254254
}
255255

@@ -317,7 +317,7 @@ const createBitbucketServerProvider = (clientId: string, clientSecret: string, b
317317
image: null,
318318
};
319319
},
320-
allowDangerousEmailAccountLinking: true,
320+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
321321
} as Provider;
322322
}
323323

@@ -327,7 +327,7 @@ export const createAuthentikProvider = (clientId: string, clientSecret: string,
327327
clientId: clientId,
328328
clientSecret: clientSecret,
329329
issuer: issuer,
330-
allowDangerousEmailAccountLinking: true,
330+
allowDangerousEmailAccountLinking: env.AUTH_EE_ALLOW_EMAIL_ACCOUNT_LINKING === 'true',
331331
});
332332
}
333333

0 commit comments

Comments
 (0)