[codex] fix SSO provider merge validation

[riderx]

Summary (AI generated)

• Hardened SSO provisioning so the authenticated SSO provider must match the active provider registered for the user email domain.
• Restricted SSO account merge identity transfer to the domain-authorized provider only.
• Added regression coverage for provider mismatch provisioning and account merge takeover attempts.

Motivation (AI generated)

GHSA-jhjh-vp9p-54fg reported that the SSO merge path could trust an asserted email without proving the IdP was authorized for that email domain. This closes that merge and provisioning gap.

Business Impact (AI generated)

This prevents cross-domain SSO identity assertions from taking over customer accounts, protecting organization data, app access, and admin privileges.

Test Plan (AI generated)

• bunx eslint supabase/functions/_backend/private/sso/provision-user.ts tests/sso.test.ts
• bun run lint:backend
• bun run supabase:with-env -- bunx vitest run tests/sso.test.ts
• commit hook: bun run cli:build && vue-tsc --noEmit

Generated with AI

[coderabbitai]

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 8 minutes and 51 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 15a39a11-cd2b-4f2b-8bed-78c8847a8c31

📥 Commits

Reviewing files that changed from the base of the PR and between 97ee8f0 and d67c583.

📒 Files selected for processing (2)

• supabase/functions/_backend/private/sso/provision-user.ts
• tests/sso.test.ts

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/fix-sso-provider-merge-security

---

_{Review rate limit: 0/5 reviews remaining, refill in 8 minutes and 51 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codspeed-hq]

Merging this PR will not alter performance

✅ 28 untouched benchmarks

---

_{Comparing codex/fix-sso-provider-merge-security (d67c583) with main (17d36c6)¹}

Footnotes

1. No successful run was found on main (97ee8f0) during the generation of this report, so 17d36c6 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.