fix(auth): preserve backward-compatible oauth defaults

2026-04-22 11:17:32 +08:00
parent dd314c41e3
commit 84628108fc
18 changed files with 661 additions and 142 deletions
--- a/frontend/src/components/user/profile/ProfileIdentityBindingsSection.vue
+++ b/frontend/src/components/user/profile/ProfileIdentityBindingsSection.vue
@@ -362,6 +362,16 @@ function getBindingDetails(provider: UserAuthProvider): UserAuthBindingStatus |
  return binding
 }

+function isProviderEnabledForBinding(provider: BindableProvider): boolean {
+  if (provider === 'linuxdo') {
+    return props.linuxdoEnabled
+  }
+  if (provider === 'oidc') {
+    return props.oidcEnabled
+  }
+  return resolvedWeChatBinding.value.mode !== null
+}
+
 const providerItems = computed(() => [
  {
    provider: 'email' as const,
@@ -375,7 +385,10 @@ const providerItems = computed(() => [
    provider: 'linuxdo' as const,
    label: t('profile.authBindings.providers.linuxdo'),
    bound: getBindingStatus('linuxdo'),
-    canBind: getBindingDetails('linuxdo')?.can_bind ?? (props.linuxdoEnabled && !getBindingStatus('linuxdo')),
+    canBind:
+      !getBindingStatus('linuxdo') &&
+      isProviderEnabledForBinding('linuxdo') &&
+      (getBindingDetails('linuxdo')?.can_bind ?? true),
    canUnbind: Boolean(getBindingStatus('linuxdo') && getBindingDetails('linuxdo')?.can_unbind),
    details: getBindingDetails('linuxdo'),
  },
@@ -383,7 +396,10 @@ const providerItems = computed(() => [
    provider: 'oidc' as const,
    label: t('profile.authBindings.providers.oidc', { providerName: props.oidcProviderName }),
    bound: getBindingStatus('oidc'),
-    canBind: getBindingDetails('oidc')?.can_bind ?? (props.oidcEnabled && !getBindingStatus('oidc')),
+    canBind:
+      !getBindingStatus('oidc') &&
+      isProviderEnabledForBinding('oidc') &&
+      (getBindingDetails('oidc')?.can_bind ?? true),
    canUnbind: Boolean(getBindingStatus('oidc') && getBindingDetails('oidc')?.can_unbind),
    details: getBindingDetails('oidc'),
  },
@@ -391,7 +407,10 @@ const providerItems = computed(() => [
    provider: 'wechat' as const,
    label: t('profile.authBindings.providers.wechat'),
    bound: getBindingStatus('wechat'),
-    canBind: getBindingDetails('wechat')?.can_bind ?? (resolvedWeChatBinding.value.mode !== null && !getBindingStatus('wechat')),
+    canBind:
+      !getBindingStatus('wechat') &&
+      isProviderEnabledForBinding('wechat') &&
+      (getBindingDetails('wechat')?.can_bind ?? true),
    canUnbind: Boolean(getBindingStatus('wechat') && getBindingDetails('wechat')?.can_unbind),
    details: getBindingDetails('wechat'),
  },
--- a/frontend/src/components/user/profile/tests/ProfileIdentityBindingsSection.spec.ts
+++ b/frontend/src/components/user/profile/tests/ProfileIdentityBindingsSection.spec.ts
@@ -474,4 +474,26 @@ describe('ProfileIdentityBindingsSection', () => {
    expect(userApiMocks.unbindAuthIdentity).toHaveBeenCalledWith('linuxdo')
    expect(wrapper.get('[data-testid="profile-binding-linuxdo-status"]').text()).toBe('Not bound')
  })
+
+  it('hides bind actions when provider details say bindable but the provider is disabled', () => {
+    const wrapper = mount(ProfileIdentityBindingsSection, {
+      global: {
+        plugins: [pinia],
+      },
+      props: {
+        user: createUser({
+          auth_bindings: {
+            linuxdo: { bound: false, can_bind: true },
+            oidc: { bound: false, can_bind: true },
+          },
+        }),
+        linuxdoEnabled: false,
+        oidcEnabled: false,
+        wechatEnabled: false,
+      },
+    })
+
+    expect(wrapper.find('[data-testid="profile-binding-linuxdo-action"]').exists()).toBe(false)
+    expect(wrapper.find('[data-testid="profile-binding-oidc-action"]').exists()).toBe(false)
+  })
 })