From ba24ff570a4a7bb57813d471ac73b2a7ae115bca Mon Sep 17 00:00:00 2001
From: Oliver <oliver.henry.walters@gmail.com>
Date: Mon, 5 Jun 2023 21:03:16 +1000
Subject: [PATCH] SSO bug fix (#4972)

* Catch SSO error

- If social application is not assigned to at least one site, errors happen
- Check if at least one site is enabled

* Docs updates

* Typo fix
---
 InvenTree/part/templatetags/sso.py | 14 +++++++++++++-
 docs/docs/settings/SSO.md          |  5 ++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/InvenTree/part/templatetags/sso.py b/InvenTree/part/templatetags/sso.py
index c5d02e45a7..024f16052c 100644
--- a/InvenTree/part/templatetags/sso.py
+++ b/InvenTree/part/templatetags/sso.py
@@ -1,5 +1,6 @@
 """This module provides template tags pertaining to SSO functionality"""
 
+import logging
 
 from django import template
 
@@ -7,6 +8,7 @@ from common.models import InvenTreeSetting
 from InvenTree.helpers import str2bool
 
 register = template.Library()
+logger = logging.getLogger('inventree')
 
 
 @register.simple_tag()
@@ -32,13 +34,23 @@ def sso_auto_enabled():
 def sso_check_provider(provider):
     """Return True if the given provider is correctly configured"""
 
+    import allauth.app_settings
     from allauth.socialaccount.models import SocialApp
 
     # First, check that the provider is enabled
-    if not SocialApp.objects.filter(provider__iexact=provider.name).exists():
+    apps = SocialApp.objects.filter(provider__iexact=provider.name)
+
+    if not apps.exists():
         return False
 
     # Next, check that the provider is correctly configured
+    app = apps.first()
+
+    if allauth.app_settings.SITES_ENABLED:
+        # At least one matching site must be specified
+        if not app.sites.exists():
+            logger.error(f"SocialApp {app} has no sites configured")
+            return False
 
     # At this point, we assume that the provider is correctly configured
     return True
diff --git a/docs/docs/settings/SSO.md b/docs/docs/settings/SSO.md
index f57c205663..366c7f9456 100644
--- a/docs/docs/settings/SSO.md
+++ b/docs/docs/settings/SSO.md
@@ -78,6 +78,9 @@ Configure the social application entry with the app details:
 - Add the *site* which you want to provide access for this SSO app
 - Save the new application entry when configuration is finished
 
+!!! warning "Site Selection"
+    You *must* assign the new application to at least one available site domain
+
 !!! tip "Fix Your Mistakes"
     You can always return to edit or adjust the social application details later
 
@@ -112,7 +115,7 @@ In the [settings screen](./global.md), navigate to the *Login Settings* panel. H
 
 ### Configure Email
 
-Note that [email settings](./email.md) must be correctly configured before SSO will be activated. Ensure that your email setup is correctly configured and operataional.
+Note that [email settings](./email.md) must be correctly configured before SSO will be activated. Ensure that your email setup is correctly configured and operational.
 
 ## Security Considerations