feat: allow oidc only signup and trust mail addresses (#1208)

This change will allow for user registration when users are federated
through oidc provider even if the general signup is disabled
additionally the users email address can now be automatically set as
trusted. This will force corporate users to signin using SSO instead of
creating manual accounts.

apps/web/process-env.d.ts

@@ -16,5 +16,7 @@ declare namespace NodeJS {
     NEXT_PRIVATE_OIDC_WELL_KNOWN: string;
     NEXT_PRIVATE_OIDC_CLIENT_ID: string;
     NEXT_PRIVATE_OIDC_CLIENT_SECRET: string;
+    NEXT_PRIVATE_OIDC_ALLOW_SIGNUP?: string;
+    NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string;
   }
 }

apps/web/src/pages/api/auth/[...nextauth].ts

@@ -60,13 +60,23 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
           },
         });
       },
-      linkAccount: async ({ user }) => {
+      linkAccount: async ({ user, account, profile }) => {
         const userId = typeof user.id === 'string' ? parseInt(user.id) : user.id;
 
-        if (isNaN(userId)) {
+        if (Number.isNaN(userId)) {
           return;
         }
 
+        // If the user is linking an OIDC account and the email verified date is set then update it in the db.
+        if (account.provider === 'oidc' && profile.emailVerified !== null) {
+          await prisma.user.update({
+            where: { id: userId },
+            data: {
+              emailVerified: profile.emailVerified,
+            },
+          });
+        }
+
         await prisma.userSecurityAuditLog.create({
           data: {
             userId,