[feature] overhaul the oidc system (#961)

* [feature] overhaul the oidc system this allows for more flexible username handling and prevents account takeover using old email addresses * [feature] add migration path for old OIDC users * [feature] nicer error reporting for users * [docs] document the new OIDC flow * [fix] return early on oidc error * [docs]: add comments on the finalization logic
2025-10-29 07:02:26 -05:00 · 2022-12-06 14:15:56 +01:00 · 2022-12-06 14:15:56 +01:00 · 199b685f43
commit 199b685f43
parent 1a3f26fb5c
20 changed files with 335 additions and 119 deletions
--- a/web/source/css/base.css
+++ b/web/source/css/base.css
@ -379,4 +379,18 @@ footer {

 .monospace {
 	font-family: monospace;
-}
+}
+
+.callout {
+	margin: 1.5rem 0;
+	border: .05rem solid $border-accent;
+	border-radius: .2rem;
+	padding: 0 .6rem .6rem;
+	.callout-title {
+		margin: 0 -.6rem;
+		padding: .6rem;
+		font-weight: bold;
+		background-color: $border-accent;
+		color: $gray1;
+	}
+}
--- a/web/template/finalize.tmpl
+++ b/web/template/finalize.tmpl
@ -0,0 +1,31 @@
+{{ template "header.tmpl" .}}
+    <main>
+        <form action="/oauth/finalize" method="POST">
+            <h1>Hi {{.name}}!</h1>
+            <p>
+              You are about to sign-up to {{ .instance.Title }} (<code>{{ .instance.URI }}</code>)
+              <br>
+              To ensure the best experience for you, we need you to provide some additional details.
+            </p>
+            {{if .error}}
+              <section class="error">
+                <span>❌</span> <pre>{{.error}}</pre>
+              </section>
+            {{end}}
+            <div class="callout">
+              <p class="callout-title">Important</p>
+              <p>Due to the way the ActivityPub standard works, you <strong>cannot</strong> change your username after it has been set.</p>
+            </div>
+            <div class="labelinput">
+                <label for="username">Username <small>(must contain only lowercase letters, numbers, and underscores)</small></label>
+                <input type="text"
+                       class="form-control"
+                       name="username"
+                       required
+                       placeholder="Please enter your desired username" value="{{ .preferredUsername }}">
+            </div>
+            <input type="hidden" name="name" value="{{ .name }}">
+            <button type="submit" style="width: 100%; margin-top: 1rem;" class="btn btn-success">Submit</button>
+        </form>
+    </main>
+{{ template "footer.tmpl" .}}