From e81ca06f9cae02a43fc50e1520b6d64dc2b25f5e Mon Sep 17 00:00:00 2001
From: ilkin-overleaf <100852799+ilkin-overleaf@users.noreply.github.com>
Date: Tue, 18 Nov 2025 13:28:57 +0200
Subject: [PATCH] Merge pull request #29614 from
overleaf/ii-domain-capture-mu-email-check
[web] Check email from SAML callback before enrollment page
GitOrigin-RevId: 3c8224d42b87969290d5031a28d4ec217e875d84
---
.../web/app/src/Features/Errors/Errors.js | 3 +
.../web/frontend/extracted-translations.json | 1 +
services/web/locales/en.json | 1 +
.../components/domain-capture.spec.tsx | 65 ++++++++++++++-----
4 files changed, 55 insertions(+), 15 deletions(-)
diff --git a/services/web/app/src/Features/Errors/Errors.js b/services/web/app/src/Features/Errors/Errors.js
index 5a3ef61b04..94a155fb3f 100644
--- a/services/web/app/src/Features/Errors/Errors.js
+++ b/services/web/app/src/Features/Errors/Errors.js
@@ -194,6 +194,8 @@ class SAMLRequestDeniedError extends SAMLAuthenticationError {
}
}
+class SAMLDomainCaptureManagedUserMissingEmailError extends OError {}
+
class SAMLSessionDataMissing extends BackwardCompatibleError {
constructor(arg) {
super(arg)
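Review bot: `SAMLDomainCaptureManagedUserMissingEmailError` extends `OError` directly, while the class just above it, `SAMLRequestDeniedError`, extends `SAMLAuthenticationError`. If the SAML callback error handling branches on `instanceof SAMLAuthenticationError` (not visible in this patch), the new error will miss that path and may surface as a generic failure. Please confirm the base class is deliberate, and add a short comment on the class, e.g. `// Raised when the email in the SAML callback is not on the logged-in managed user's account (domain capture).` The code that throws and catches this error is not in this patch, so that wording should be checked against it.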
@@ -377,6 +379,7 @@ module.exports = {
SAMLResponseAlreadyProcessedError,
SAMLRequestDeniedError,
SAMLDomainCaptureRegisterError,
+ SAMLDomainCaptureManagedUserMissingEmailError,
SLInV2Error,
ThirdPartyIdentityExistsError,
ThirdPartyUserNotFoundError,
diff --git a/services/web/frontend/extracted-translations.json b/services/web/frontend/extracted-translations.json
index bab4a968da..78e69f1dd4 100644
--- a/services/web/frontend/extracted-translations.json
+++ b/services/web/frontend/extracted-translations.json
@@ -1514,6 +1514,7 @@
"role": "",
"rolling_texlive_build": "",
"saml_auth_error": "",
+ "saml_email_not_in_account_error": "",
"saml_identity_exists_error": "",
"saml_invalid_signature_error": "",
"saml_login_disabled_error": "",
diff --git a/services/web/locales/en.json b/services/web/locales/en.json
index 35f77ec753..bfc86b0f9a 100644
--- a/services/web/locales/en.json
+++ b/services/web/locales/en.json
@@ -1967,6 +1967,7 @@
"saml_authentication_required_error": "Other login methods have been disabled by your group administrator. Please use your group SSO login.",
"saml_commons_unavailable": "Institution SSO is currently unavailable. For more details, please see <0>__linkText__0>.",
"saml_create_admin_instructions": "Choose an email address for the first __appName__ admin account. This should correspond to an account in the SAML system. You will then be asked to log in with this account.",
+ "saml_email_not_in_account_error": "Your identity provider returned __email__, which is not already on your current __appName__ account. You will need to log out and create a new __appName__ account with __email__ via the SSO log in page. Once this is done, you can <0>transfer your existing projects0> to the new account.",
"saml_email_not_recognized_error": "This email address isn’t set up for SSO. Please check it and try again or contact your administrator.",
"saml_identity_exists_error": "Sorry, the identity returned by your identity provider is already linked with a different Overleaf account. Please contact your administrator for more information.",
"saml_invalid_signature_error": "Sorry, the information received from your identity provider has an invalid signature. Please contact your administrator for more information.",
diff --git a/services/web/test/frontend/features/group-management/components/domain-capture.spec.tsx b/services/web/test/frontend/features/group-management/components/domain-capture.spec.tsx
index 47abc81cd8..4f1235e0cc 100644
--- a/services/web/test/frontend/features/group-management/components/domain-capture.spec.tsx
+++ b/services/web/test/frontend/features/group-management/components/domain-capture.spec.tsx
@@ -83,24 +83,59 @@ describe('', function () {
})
})
- it('renders institution error message', function () {
- const errorMsg = 'Error message'
- const notificationsInstitution = [
- {
- templateKey: 'notification_institution_sso_error',
- error: {
- message: errorMsg,
+ describe('notifications', function () {
+ it('renders missing email on account error message', function () {
+ const institutionEmail = 'email@example.com'
+ const notificationsInstitution = [
+ {
+ templateKey: 'notification_email_not_in_account',
+ institutionEmail,
},
- },
- ]
- cy.window().then(win => {
- win.metaAttributesCache.set(
- 'ol-notificationsInstitution',
- notificationsInstitution
+ ]
+ cy.window().then(win => {
+ win.metaAttributesCache.set(
+ 'ol-notificationsInstitution',
+ notificationsInstitution
+ )
+ })
+ cy.mount()
+
+ cy.findByRole('alert').should(
+ 'contain.text',
+ `Your identity provider returned ${institutionEmail}, which ` +
+ `is not already on your current Overleaf account. You will need to ` +
+ `log out and create a new Overleaf account with ${institutionEmail} ` +
+ `via the SSO log in page. Once this is done, you can ` +
+ `transfer your existing projects to the new account.`
+ )
+ cy.findByRole('link', {
+ name: /transfer your existing projects/i,
+ }).should(
+ 'have.attr',
+ 'href',
+ '/learn/how-to/How_to_Transfer_Project_Ownership'
)
})
- cy.mount()
- cy.findByRole('alert').should('contain.text', errorMsg)
+ it('renders institution error message', function () {
+ const errorMsg = 'Error message'
+ const notificationsInstitution = [
+ {
+ templateKey: 'notification_institution_sso_error',
+ error: {
+ message: errorMsg,
+ },
+ },
+ ]
+ cy.window().then(win => {
+ win.metaAttributesCache.set(
+ 'ol-notificationsInstitution',
+ notificationsInstitution
+ )
+ })
+ cy.mount()
+
+ cy.findByRole('alert').should('contain.text', errorMsg)
+ })
})
})
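Review bot: The new 'renders missing email on account error message' case only uses a well-formed address, yet `institutionEmail` comes from the identity provider's SAML response and is interpolated into a message that also embeds a link component. A second case with a value containing HTML metacharacters would pin that the address is rendered as literal text and cannot add elements to the alert. For example, with a constructed sample, `const institutionEmail = 'a<b>b</b>@example.com'` followed by `cy.findByRole('alert').find('b').should('not.exist')`. The component that renders this notification is outside the diff, so this is a regression guard rather than a reported defect.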