From 930f9f6096a17a940573b0378add12f3b08e6aa1 Mon Sep 17 00:00:00 2001
From: Sakkyoi Cheng <22865542+sakkyoi@users.noreply.github.com>
Date: Thu, 4 Sep 2025 22:15:39 +0800
Subject: [PATCH] fix(ssologin): missing role in SSO auto-registration and
 minor callback issue (#9305)

* fix(ssologin): return after error response

* fix(ssologin): set default role for SSO user creation
---
 server/handles/ssologin.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/handles/ssologin.go b/server/handles/ssologin.go
index eb6599e7..779cc132 100644
--- a/server/handles/ssologin.go
+++ b/server/handles/ssologin.go
@@ -4,6 +4,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"github.com/alist-org/alist/v3/internal/op"
 	"net/http"
 	"net/url"
 	"path"
@@ -154,7 +155,7 @@ func autoRegister(username, userID string, err error) (*model.User, error) {
 		Password:   random.String(16),
 		Permission: int32(setting.GetInt(conf.SSODefaultPermission, 0)),
 		BasePath:   setting.GetStr(conf.SSODefaultDir),
-		Role:       nil,
+		Role:       model.Roles{op.GetDefaultRoleID()},
 		Disabled:   false,
 		SsoID:      userID,
 	}
@@ -256,6 +257,7 @@ func OIDCLoginCallback(c *gin.Context) {
 			user, err = autoRegister(userID, userID, err)
 			if err != nil {
 				common.ErrorResp(c, err, 400)
+				return
 			}
 		}
 		token, err := common.GenerateToken(user)