Merge pull request #4 from amromedllc/sso-login

Sso login
3 months ago · d52f5d05ec
parent deb9f8b8be 2c0959e816
commit d52f5d05ec
1 changed files with 22 additions and 18 deletions
--- a/app/controllers/sso_login_controller.rb
+++ b/app/controllers/sso_login_controller.rb
@ -65,38 +65,42 @@ class SsoLoginController < ApplicationController
    end
  
    def find_or_create_user(email, first_name, last_name, company_id = nil, company_name = nil)
-      # Find or create account based on company_id
-      account = find_or_create_account_by_company(company_id, company_name)
-  
      # Try to find existing user by email (email is unique globally)
      user = User.find_by(email: email)
  
      if user
-        # User exists - check if they're in the correct account
-        if user.account_id != account.id
-          # User exists but in a different account
-          # Move user to the correct account if company_id is provided
-          if company_id.present?
-            Rails.logger.info("Moving user #{email} from account #{user.account_id} to account #{account.id} (company_id: #{company_id})")
-            user.update(account_id: account.id)
-          else
-            # If no company_id provided, keep user in existing account but log warning
-            Rails.logger.warn("User #{email} exists in account #{user.account_id} but company_id not provided in token")
-            account = user.account # Use existing account
+        # User exists - KEEP them in their existing account
+        # Don't move users between accounts to preserve their data (files, templates, etc.)
+        account = user.account
+        Rails.logger.info("User #{email} exists in account #{account.id} (#{account.name}). Keeping in existing account.")
+        
+        # Log if company_id points to a different account (for debugging)
+        if company_id.present? || company_name.present?
+          expected_account = find_or_create_account_by_company(company_id, company_name)
+          if expected_account && user.account_id != expected_account.id
+            Rails.logger.warn("User #{email} is in account #{user.account_id} but company_id #{company_id} points to account #{expected_account.id}. User kept in existing account to preserve data.")
          end
        end
  
-        # Update user info if provided and different
+        # Don't update name from SSO token for existing users
+        # This preserves user's manually updated profile information
+        # Only update if name fields are empty (initial setup)
        update_attrs = {}
-        update_attrs[:first_name] = first_name if first_name.present? && user.first_name != first_name
-        update_attrs[:last_name] = last_name if last_name.present? && user.last_name != last_name
+        if user.first_name.blank? && first_name.present?
+          update_attrs[:first_name] = first_name
+        end
+        if user.last_name.blank? && last_name.present?
+          update_attrs[:last_name] = last_name
+        end
        
        user.update(update_attrs) if update_attrs.any?
  
        return user
      end
  
-      # User doesn't exist, create a new one in the specified account
+      # User doesn't exist - create account based on company_id and create new user
+      account = find_or_create_account_by_company(company_id, company_name)
+  
      # Generate a random password for the new user
      password = SecureRandom.hex(16)