From 9519d55332a1f22891e5ad8a1de1d2ba027bafc7 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Fri, 25 Jan 2019 12:36:54 +0100
Subject: [PATCH] Fix SSO authentication not working due to missing agreement
 boolean (#9915)

Fix #9906
---
 app/models/concerns/omniauthable.rb | 1 +
 app/models/user.rb                  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/app/models/concerns/omniauthable.rb b/app/models/concerns/omniauthable.rb
index f263fe7af..4dd2e9383 100644
--- a/app/models/concerns/omniauthable.rb
+++ b/app/models/concerns/omniauthable.rb
@@ -63,6 +63,7 @@ module Omniauthable
       {
         email: email || "#{TEMP_EMAIL_PREFIX}-#{auth.uid}-#{auth.provider}.com",
         password: Devise.friendly_token[0, 20],
+        agreement: true,
         account_attributes: {
           username: ensure_unique_username(auth.uid),
           display_name: display_name,
diff --git a/app/models/user.rb b/app/models/user.rb
index 5aa5c2b15..fdd2741c1 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -295,6 +295,7 @@ class User < ApplicationRecord
 
   def self.pam_get_user(attributes = {})
     return nil unless attributes[:email]
+
     resource =
       if Devise.check_at_sign && !attributes[:email].index('@')
         joins(:account).find_by(accounts: { username: attributes[:email] })
@@ -304,6 +305,7 @@ class User < ApplicationRecord
 
     if resource.blank?
       resource = new(email: attributes[:email], agreement: true)
+
       if Devise.check_at_sign && !resource[:email].index('@')
         resource[:email] = Rpam2.getenv(resource.find_pam_service, attributes[:email], attributes[:password], 'email', false)
         resource[:email] = "#{attributes[:email]}@#{resource.find_pam_suffix}" unless resource[:email]