This repository was archived by the owner on Feb 27, 2026. It is now read-only.

[WIP] Fix issue with OIDC Google auto-registration for users #314

Merged
danielalves96 merged 2 commits into next from copilot/fix-oidc-auto-registration-issue on Oct 21, 2025

Copilot AI commented Oct 21, 2025

  • Investigate repository structure and understand the authentication flow
  • Identify the root cause: findOrCreateUser method doesn't check autoRegister setting
  • Verify build and lint work correctly
  • Add auto-registration check in the findOrCreateUser method
  • Add appropriate error handling when auto-registration is disabled
  • Build and validate changes
  • Run CodeQL security analysis (0 alerts)
  • Verify the fix handles all scenarios correctly:
    • ✅ Blocks new user creation when autoRegister is disabled
    • ✅ Allows existing users to link OIDC providers
    • ✅ Allows existing linked users to continue logging in

Summary

Fixed the issue where OIDC Google users were being created even with auto-registration disabled.

Changes Made

File: apps/server/src/modules/auth-providers/service.ts

Added a check in the findOrCreateUser method to verify if autoRegister is disabled before creating a new user. When disabled, the system throws an error that is properly handled by the existing error handling in the controller.

Behavior

  • New users with autoRegister disabled: Login is blocked with error message "Registration via [Provider] is disabled. Contact your administrator."
  • Existing users: Can still login and link OIDC providers to their accounts
  • Already linked users: Continue to work normally

Security

  • No security vulnerabilities detected by CodeQL
  • All existing tests pass
  • Type checking and linting pass
Original prompt

This section details the original issue you should resolve

<issue_title>OIDC Google users are created even with auto-registration disabled</issue_title>
<issue_description>

Hi,
I have configured OIDC Authentication with Google and disabled the auto-registration of new users, but new accounts are still being created when users log in with Google.

Steps to reproduce:

  1. Configure OIDC Authentication with Google.
  2. Disable auto-registration for new users.
  3. Try logging in with a Google account that doesn’t exist in the system.

Expected behavior:
The login should be blocked, and the user should not be created if auto-registration is disabled.

Actual behavior:
A new user is created even though auto-registration is turned off.


Comments on the Issue (you are @copilot in this section)

Fixes #276



Prevent new user creation when autoRegister is disabled for auth providers

Co-authored-by: danielalves96 <62755605+danielalves96@users.noreply.github.com>
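
The check order described in this PR, as an added TypeScript sketch that is not the Palmr code: only `findOrCreateUser`, `autoRegister` and the error text come from the conversation, while the in-memory store, the other names and the match of existing users by email are assumptions.

```typescript
// Added illustration. Only findOrCreateUser, autoRegister and the error text
// come from the PR; every other name and the email match are assumptions.
interface AuthProvider { name: string; autoRegister: boolean }
interface LocalUser { id: number; email: string }
interface OidcIdentity { sub: string; email: string }

class AuthProviderService {
  users: LocalUser[] = [];
  links = new Map<string, number>(); // "provider:sub" -> local user id

  findOrCreateUser(provider: AuthProvider, identity: OidcIdentity): LocalUser {
    const key = `${provider.name}:${identity.sub}`;

    // 1. Already linked: login keeps working whatever autoRegister says.
    const linkedId = this.links.get(key);
    const linked = this.users.find((u) => u.id === linkedId);
    if (linked) return linked;

    // 2. Existing local account (assumed: matched by email): link, no new user.
    const existing = this.users.find((u) => u.email === identity.email);
    if (existing) {
      this.links.set(key, existing.id);
      return existing;
    }

    // 3. Unknown identity: the guard must run before any write.
    if (!provider.autoRegister) {
      throw new Error(
        `Registration via ${provider.name} is disabled. Contact your administrator.`,
      );
    }
    const created: LocalUser = { id: this.users.length + 1, email: identity.email };
    this.users.push(created);
    this.links.set(key, created.id);
    return created;
  }
}

// Returns "ok:<id>" or "blocked:<message>" so callers can log the outcome.
function attemptLogin(svc: AuthProviderService, p: AuthProvider, i: OidcIdentity): string {
  try {
    return `ok:${svc.findOrCreateUser(p, i).id}`;
  } catch (err) {
    return `blocked:${(err as Error).message}`;
  }
}
```

A regression test for this bug should assert that a blocked login leaves both the user table and the link table unchanged, not only that an error is raised.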
@danielalves96

@copilot this error may be related to the linter, check


Copilot AI commented Oct 21, 2025

@copilot this error may be related to the linter, check

I've verified all linting and type checking across the entire monorepo. All checks pass successfully:

✅ Server app: pnpm lint and pnpm type-check pass
✅ Web app: pnpm validate passes
✅ Docs app: pnpm validate passes
✅ Build: pnpm build completes successfully

No linter errors found. The code change follows all code quality standards. Commit: 166435f

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • checkpoint.prisma.io

If you need me to access, download, or install something from one of these locations, you can either:

@danielalves96 danielalves96 marked this pull request as ready for review October 21, 2025 14:15
@danielalves96 danielalves96 merged commit 1486765 into next Oct 21, 2025
1 check passed
@danielalves96 danielalves96 deleted the copilot/fix-oidc-auto-registration-issue branch October 21, 2025 17:11
anthony0030 pushed a commit to anthony0030/Palmr that referenced this pull request Jan 13, 2026
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: danielalves96 <62755605+danielalves96@users.noreply.github.com>