🔒 fix: Provider Validation for Social, OpenID, SAML, and LDAP Logins (#8999)

* fix: social login provider crossover * feat: Enhance OpenID login handling and add tests for provider validation * refactor: authentication error handling to use ErrorTypes.AUTH_FAILED enum * refactor: update authentication error handling in LDAP and SAML strategies to use ErrorTypes.AUTH_FAILED enum * ci: Add validation for login with existing email and different provider in SAML strategy chore: Add logging for existing users with different providers in LDAP, SAML, and Social Login strategies
2025-09-22 06:00:56 +02:00 · 2025-08-11 18:49:34 -04:00 · 2025-08-11 18:49:34 -04:00 · 1ccac58403
commit 1ccac58403
parent 04d74a7e07
18 changed files with 314 additions and 125 deletions
--- a/client/src/components/Auth/Login.tsx
+++ b/client/src/components/Auth/Login.tsx
@ -1,6 +1,7 @@
-import { useOutletContext, useSearchParams } from 'react-router-dom';
 import { useEffect, useState } from 'react';
-import { OpenIDIcon } from '@librechat/client';
+import { ErrorTypes } from 'librechat-data-provider';
+import { OpenIDIcon, useToastContext } from '@librechat/client';
+import { useOutletContext, useSearchParams } from 'react-router-dom';
 import type { TLoginLayoutContext } from '~/common';
 import { ErrorMessage } from '~/components/Auth/ErrorMessage';
 import SocialButton from '~/components/Auth/SocialButton';
@ -11,6 +12,7 @@ import LoginForm from './LoginForm';

 function Login() {
  const localize = useLocalize();
+  const { showToast } = useToastContext();
  const { error, setError, login } = useAuthContext();
  const { startupConfig } = useOutletContext<TLoginLayoutContext>();

@ -21,6 +23,19 @@ function Login() {
  // Persist the disable flag locally so that once detected, auto-redirect stays disabled.
  const [isAutoRedirectDisabled, setIsAutoRedirectDisabled] = useState(disableAutoRedirect);

+  useEffect(() => {
+    const oauthError = searchParams?.get('error');
+    if (oauthError && oauthError === ErrorTypes.AUTH_FAILED) {
+      showToast({
+        message: localize('com_auth_error_oauth_failed'),
+        status: 'error',
+      });
+      const newParams = new URLSearchParams(searchParams);
+      newParams.delete('error');
+      setSearchParams(newParams, { replace: true });
+    }
+  }, [searchParams, setSearchParams, showToast, localize]);
+
  // Once the disable flag is detected, update local state and remove the parameter from the URL.
  useEffect(() => {
    if (disableAutoRedirect) {
--- a/client/src/locales/en/translation.json
+++ b/client/src/locales/en/translation.json
@ -107,6 +107,7 @@
  "com_auth_error_login_rl": "Too many login attempts in a short amount of time. Please try again later.",
  "com_auth_error_login_server": "There was an internal server error. Please wait a few moments and try again.",
  "com_auth_error_login_unverified": "Your account has not been verified. Please check your email for a verification link.",
+  "com_auth_error_oauth_failed": "Authentication failed. Please check your login method and try again.",
  "com_auth_facebook_login": "Continue with Facebook",
  "com_auth_full_name": "Full name",
  "com_auth_github_login": "Continue with Github",