Skip to content

Refactor UserRegistrationManager for extensibility and fix external auth login persistence #4828

Open
Open
Refactor UserRegistrationManager for extensibility and fix external auth login persistence#4828
Assignees
ntuthukomsane-boxfusion
Labels
bugSomething isn't workingenhancementNew feature or request
@ntuthukomsane-boxfusion

Description

@ntuthukomsane-boxfusion
ntuthukomsane-boxfusion
opened on Apr 17, 2026

Description
Two issues exist in the current external authentication flow:

  1. External login records are overwritten instead of appended. In TokenAuthController.ExternalAuthenticate, the code replaces user.Logins with a brand-new list containing only the current provider login. This destroys any previously linked external logins for the user (e.g., if a user had both Google and Microsoft linked, logging in via one would remove the other).
  2. UserRegistrationManager is not extensible. It is injected as a concrete class, its RegisterAsync method is not virtual, and its helper methods (CheckForTenant, GetActiveTenantAsync) are private. This prevents downstream applications from customizing user registration behaviour for external authentication scenarios.

Changes
Bug fix — External login persistence (TokenAuthController):

  • Instead of replacing user.Logins with a new single-item list, the fix fetches the persisted user within a new RequiresNew transaction scope and adds the login entry to the existing collection, preserving any previously linked logins.
  • Injects IRepository<User, long> and IRepository<UserLogin, long> to support the corrected persistence flow.

Extensibility — UserRegistrationManager:

  • Extracts new IUserRegistrationManager interface (extends IDomainService) with the RegisterAsync contract.
  • UserRegistrationManager now implements IUserRegistrationManager.
  • RegisterAsync marked virtual to allow override in derived classes.
  • CheckForTenant() and GetActiveTenantAsync() changed from private to protected so subclasses can reuse them.
  • Removes unused IPasswordHasher constructor dependency.
  • Registers IUserRegistrationManager → UserRegistrationManager in IoC (SheshaFrameworkModule).
  • TokenAuthController now depends on IUserRegistrationManager instead of the concrete class.

Impact

  • Fixes data loss of external login records for users with multiple linked providers.
  • Enables downstream projects to override user registration behavior via DI and inheritance without modifying framework code.

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingenhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions