strapi-plugin-oidc 1.0.5 → 1.0.7

package/README.md

@@ -2,8 +2,11 @@
   <img src="https://raw.githubusercontent.com/edmogeor/strapi-plugin-oidc/main/assets/icon.png" width="140" alt="OIDC Login for Strapi Logo"/>
   <h1>OIDC Login for Strapi</h1>
   <p>
+    <a href="https://www.npmjs.com/package/strapi-plugin-oidc">
+      <img src="https://img.shields.io/npm/v/strapi-plugin-oidc.svg" alt="npm version">
+    </a>
     <a href="https://github.com/edmogeor/strapi-plugin-oidc/actions/workflows/test.yml">
-      <img src="https://github.com/edmogeor/strapi-plugin-oidc/actions/workflows/test.yml/badge.svg" alt="Tests">
+      <img src="https://github.com/edmogeor/strapi-plugin-oidc/actions/workflows/test.yml/badge.svg?branch=main" alt="Tests">
     </a>
   </p>
 </div>
@@ -67,13 +70,22 @@ module.exports = ({ env }) => ({
 
 Make sure to replace the placeholder values (e.g., `[Client ID from OpenID Provider]`) with the actual connection details from your chosen OIDC identity provider.
 
+## How to Login
+
+Once configured, you can initiate the OIDC login flow by navigating to:
+`http://<your-strapi-domain>/strapi-plugin-oidc/oidc`
+
+(e.g., `http://localhost:1337/strapi-plugin-oidc/oidc` for local development).
+
+When the **Enforce OIDC Login** option is enabled in the Admin Settings, the standard Strapi admin login page will be automatically redirected to this URL.
+
 ## Admin Settings
 
 Once the plugin is installed and configured, you can manage the OIDC settings from the Strapi Admin Panel under **Settings** > **OIDC Plugin**.
 
 - **Whitelist Management**: Restrict login to specific users by adding their email addresses to the whitelist. You can also whitelist entire email domains (e.g., `*@company.com`). If the whitelist is empty, any user who successfully authenticates via your OIDC provider will be able to log in and an account will be automatically created for them.
 - **Default Role Assignment**: Select the default Strapi admin role that will be assigned to newly created users when they log in for the first time via OIDC.
-- **Enforce OIDC Login**: When enabled, the default Strapi email and password login form will be disabled, forcing all administrators to log in using your OIDC provider. _(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel)._
+- **Enforce OIDC Login**: When enabled, the default Strapi email and password login form will be disabled and the standard login will be redirected to the OIDC login URL, forcing all administrators to log in using your OIDC provider. _(Note: This option is automatically disabled and grayed out if your whitelist is empty to prevent accidentally locking everyone out of the admin panel)._
 
 ## Credits & Changes
 
@@ -85,7 +97,9 @@ This plugin is a hard fork of the original [`strapi-plugin-sso`](https://github.
 - Redesigned the Whitelist and Role management UI (switched to native Strapi cards, added pagination, etc.).
 - Added an OIDC logout redirect URL.
 - Added an option to "Enforce OIDC login" with an admin toggle (automatically disabled if the whitelist is empty).
+- Added configurable "Remember Me" duration for sessions (`REMEMBER_ME_DAYS`).
 - Migrated the testing framework to Vitest and added comprehensive test coverage for controllers and services.
 - Cleaned up dead code and unused dependencies to improve maintainability.
 - Upgraded to use newer versions of Node.js.
+- Added styled success and error pages.
 - Added misc. quality of life improvements and bug fixes.

package/dist/admin/{en-jFPbEFeK.js → en-8UlbiAHW.js}

@@ -11,6 +11,7 @@ const en = {
   "page.cancel": "Cancel",
   "page.ok": "OK",
   "roles.title": "Default Role(s)",
+  "roles.placeholder": "Select default role(s)",
   "whitelist.title": "Whitelist",
   "whitelist.error.unique": "Already registered email address.",
   "whitelist.enabled": "Whitelist is currently enabled.",

package/dist/admin/{en-f0TxVfx7.mjs → en-DInn-mdh.mjs}

@@ -9,6 +9,7 @@ const en = {
   "page.cancel": "Cancel",
   "page.ok": "OK",
   "roles.title": "Default Role(s)",
+  "roles.placeholder": "Select default role(s)",
   "whitelist.title": "Whitelist",
   "whitelist.error.unique": "Already registered email address.",
   "whitelist.enabled": "Whitelist is currently enabled.",

package/dist/admin/{index-B525UaV3.js → index-Bc2bQNhu.js}

@@ -55,7 +55,7 @@ const index = {
           defaultMessage: "Configuration"
         },
         Component: async () => {
-          return await Promise.resolve().then(() => require("./index-DlQ8NUBY.js"));
+          return await Promise.resolve().then(() => require("./index-DNIqscJT.js"));
         },
         permissions: [{ action: "plugin::strapi-plugin-oidc.read", subject: null }]
       }
@@ -110,7 +110,7 @@ const index = {
   async registerTrads({ locales }) {
     const importedTrads = await Promise.all(
       locales.map((locale) => {
-        return __variableDynamicImportRuntimeHelper(/* @__PURE__ */ Object.assign({ "./translations/en.json": () => Promise.resolve().then(() => require("./en-jFPbEFeK.js")) }), `./translations/${locale}.json`, 3).then(({ default: data }) => {
+        return __variableDynamicImportRuntimeHelper(/* @__PURE__ */ Object.assign({ "./translations/en.json": () => Promise.resolve().then(() => require("./en-8UlbiAHW.js")) }), `./translations/${locale}.json`, 3).then(({ default: data }) => {
           const newData = Object.fromEntries(
             Object.entries(data).map(([key, value]) => [
               key.startsWith("global.") ? key : getTranslation(key),

package/dist/admin/{index-D3AvxXlB.mjs → index-Cz9Q6j4e.mjs}

@@ -54,7 +54,7 @@ const index = {
           defaultMessage: "Configuration"
         },
         Component: async () => {
-          return await import("./index-BbD-7Z4N.mjs");
+          return await import("./index-V4-lA3hu.mjs");
         },
         permissions: [{ action: "plugin::strapi-plugin-oidc.read", subject: null }]
       }
@@ -109,7 +109,7 @@ const index = {
   async registerTrads({ locales }) {
     const importedTrads = await Promise.all(
       locales.map((locale) => {
-        return __variableDynamicImportRuntimeHelper(/* @__PURE__ */ Object.assign({ "./translations/en.json": () => import("./en-f0TxVfx7.mjs") }), `./translations/${locale}.json`, 3).then(({ default: data }) => {
+        return __variableDynamicImportRuntimeHelper(/* @__PURE__ */ Object.assign({ "./translations/en.json": () => import("./en-DInn-mdh.mjs") }), `./translations/${locale}.json`, 3).then(({ default: data }) => {
           const newData = Object.fromEntries(
             Object.entries(data).map(([key, value]) => [
               key.startsWith("global.") ? key : getTranslation(key),

package/dist/admin/{index-DlQ8NUBY.js → index-DNIqscJT.js}

@@ -7,8 +7,8 @@ const react = require("react");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
 const reactIntl = require("react-intl");
-const index = require("./index-B525UaV3.js");
-const en = require("./en-jFPbEFeK.js");
+const index = require("./index-Bc2bQNhu.js");
+const en = require("./en-8UlbiAHW.js");
 const styled = require("styled-components");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
@@ -89,199 +89,177 @@ function Whitelist({
   }, [email]);
   return /* @__PURE__ */ jsxRuntime.jsx(jsxRuntime.Fragment, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Box, { children: [
     /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { tag: "p", variant: "omega", textColor: "neutral600", marginBottom: 4, children: formatMessage(getTrad("whitelist.description")) }),
-    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 4, marginTop: 5, marginBottom: 5, alignItems: "flex-start", children: [
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
-        designSystem.Field.Input,
-        {
-          type: "text",
-          disabled: loading,
-          value: email,
-          hasError: Boolean(email && !isValidEmail()),
-          onChange: (e) => setEmail(e.currentTarget.value),
-          placeholder: formatMessage(getTrad("whitelist.email.placeholder"))
-        }
-      ) }) }),
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
-        designSystem.MultiSelect,
-        {
-          withTags: true,
-          placeholder: formatMessage(getTrad("whitelist.roles.placeholder")),
-          value: selectedRoles,
-          onChange: (value) => {
-            setSelectedRoles(value || []);
-          },
-          children: roles.map((role) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.MultiSelectOption, { value: role.id.toString(), children: role.name }, role.id))
-        }
-      ) }) }),
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { children: /* @__PURE__ */ jsxRuntime.jsx(
-        designSystem.Button,
-        {
-          size: "L",
-          startIcon: /* @__PURE__ */ jsxRuntime.jsx(icons.Plus, {}),
-          disabled: loading || email.trim() === "" || !isValidEmail(),
-          loading,
-          onClick: onSaveEmail,
-          children: formatMessage(getTrad("page.add"))
-        }
-      ) })
-    ] }),
-    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Divider, {}),
-    /* @__PURE__ */ jsxRuntime.jsxs(CustomTable, { colCount: 5, rowCount: users.length, children: [
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Thead, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.no")) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.email")) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.roles")) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.created")) }),
-        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { style: { paddingRight: 0 }, children: " " })
-      ] }) }),
-      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tbody, { children: users.length === 0 ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tr, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { colSpan: 5, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", padding: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "neutral600", children: formatMessage(getTrad("whitelist.table.empty")) }) }) }) }) : paginatedUsers.map((user, index2) => {
-        const getRoleNames = (roleIds) => roleIds.map((roleId) => {
-          const r = roles.find((ro) => String(ro.id) === String(roleId));
-          return r ? r.name : roleId;
-        }).join(", ");
-        let userRolesNames = getRoleNames(user.roles || []);
-        if (!userRolesNames) {
-          const defaultRolesIds = oidcRoles.reduce((acc, oidc) => {
-            if (oidc.role) acc.push(...oidc.role);
-            return acc;
-          }, []);
-          userRolesNames = getRoleNames(defaultRolesIds);
-        }
-        return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: index2 + 1 + (page - 1) * PAGE_SIZE }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: user.email }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: userRolesNames || "-" }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: /* @__PURE__ */ jsxRuntime.jsx(LocalizedDate, { date: user.createdAt }) }),
-          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { style: { paddingRight: 0 }, children: /* @__PURE__ */ jsxRuntime.jsx(
-            designSystem.Flex,
-            {
-              justifyContent: "flex-end",
-              onClick: (e) => e.stopPropagation(),
-              style: { width: "100%" },
-              children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Root, { children: [
-                /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Trigger, { children: /* @__PURE__ */ jsxRuntime.jsx(
-                  designSystem.IconButton,
-                  {
-                    label: formatMessage(getTrad("whitelist.delete.label")),
-                    withTooltip: false,
-                    children: /* @__PURE__ */ jsxRuntime.jsx(icons.Trash, {})
-                  }
-                ) }),
-                /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Content, { children: [
-                  /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Header, { children: formatMessage(getTrad("whitelist.delete.title")) }),
-                  /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Body, { icon: /* @__PURE__ */ jsxRuntime.jsx(icons.WarningCircle, { fill: "danger600" }), children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 2, children: [
-                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { id: "confirm-description", children: formatMessage(getTrad("whitelist.delete.description")) }) }),
-                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "omega", fontWeight: "bold", children: user.email }) }),
-                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", marginTop: 2, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral600", children: formatMessage(getTrad("whitelist.delete.note")) }) })
-                  ] }) }),
-                  /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Footer, { children: [
-                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Cancel, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { fullWidth: true, variant: "tertiary", children: formatMessage(getTrad("page.cancel")) }) }),
-                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Action, { children: /* @__PURE__ */ jsxRuntime.jsx(
-                      designSystem.Button,
-                      {
-                        fullWidth: true,
-                        variant: "danger-light",
-                        onClick: () => onDelete(user.email),
-                        children: formatMessage(getTrad("page.ok"))
-                      }
-                    ) })
+    useWhitelist && /* @__PURE__ */ jsxRuntime.jsxs(jsxRuntime.Fragment, { children: [
+      /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { gap: 4, marginTop: 5, marginBottom: 5, alignItems: "flex-start", children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.Field.Input,
+          {
+            type: "text",
+            disabled: loading,
+            value: email,
+            hasError: Boolean(email && !isValidEmail()),
+            onChange: (e) => setEmail(e.currentTarget.value),
+            placeholder: formatMessage(getTrad("whitelist.email.placeholder"))
+          }
+        ) }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { style: { flex: 1 }, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Field.Root, { children: /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.MultiSelect,
+          {
+            withTags: true,
+            placeholder: formatMessage(getTrad("whitelist.roles.placeholder")),
+            value: selectedRoles,
+            onChange: (value) => {
+              setSelectedRoles(value || []);
+            },
+            children: roles.map((role) => /* @__PURE__ */ jsxRuntime.jsx(designSystem.MultiSelectOption, { value: role.id.toString(), children: role.name }, role.id))
+          }
+        ) }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { children: /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.Button,
+          {
+            size: "L",
+            startIcon: /* @__PURE__ */ jsxRuntime.jsx(icons.Plus, {}),
+            disabled: loading || email.trim() === "" || !isValidEmail(),
+            loading,
+            onClick: onSaveEmail,
+            children: formatMessage(getTrad("page.add"))
+          }
+        ) })
+      ] }),
+      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Divider, {}),
+      /* @__PURE__ */ jsxRuntime.jsxs(CustomTable, { colCount: 5, rowCount: users.length, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Thead, { children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.no")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.email")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.roles")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { children: formatMessage(getTrad("whitelist.table.created")) }),
+          /* @__PURE__ */ jsxRuntime.jsx(designSystem.Th, { style: { paddingRight: 0 }, children: " " })
+        ] }) }),
+        /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tbody, { children: users.length === 0 ? /* @__PURE__ */ jsxRuntime.jsx(designSystem.Tr, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { colSpan: 5, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", padding: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { textColor: "neutral600", children: formatMessage(getTrad("whitelist.table.empty")) }) }) }) }) : paginatedUsers.map((user, index2) => {
+          const getRoleNames = (roleIds) => roleIds.map((roleId) => {
+            const r = roles.find((ro) => String(ro.id) === String(roleId));
+            return r ? r.name : roleId;
+          }).join(", ");
+          let userRolesNames = getRoleNames(user.roles || []);
+          if (!userRolesNames) {
+            const defaultRolesIds = oidcRoles.reduce((acc, oidc) => {
+              if (oidc.role) acc.push(...oidc.role);
+              return acc;
+            }, []);
+            userRolesNames = getRoleNames(defaultRolesIds);
+          }
+          return /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Tr, { children: [
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: index2 + 1 + (page - 1) * PAGE_SIZE }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: user.email }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: userRolesNames || "-" }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { children: /* @__PURE__ */ jsxRuntime.jsx(LocalizedDate, { date: user.createdAt }) }),
+            /* @__PURE__ */ jsxRuntime.jsx(designSystem.Td, { style: { paddingRight: 0 }, children: /* @__PURE__ */ jsxRuntime.jsx(
+              designSystem.Flex,
+              {
+                justifyContent: "flex-end",
+                onClick: (e) => e.stopPropagation(),
+                style: { width: "100%" },
+                children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Root, { children: [
+                  /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Trigger, { children: /* @__PURE__ */ jsxRuntime.jsx(
+                    designSystem.IconButton,
+                    {
+                      label: formatMessage(getTrad("whitelist.delete.label")),
+                      withTooltip: false,
+                      children: /* @__PURE__ */ jsxRuntime.jsx(icons.Trash, {})
+                    }
+                  ) }),
+                  /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Content, { children: [
+                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Header, { children: formatMessage(getTrad("whitelist.delete.title")) }),
+                    /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Body, { icon: /* @__PURE__ */ jsxRuntime.jsx(icons.WarningCircle, { fill: "danger600" }), children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Flex, { direction: "column", alignItems: "center", gap: 2, children: [
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { id: "confirm-description", children: formatMessage(getTrad("whitelist.delete.description")) }) }),
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "omega", fontWeight: "bold", children: user.email }) }),
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "center", marginTop: 2, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Typography, { variant: "pi", textColor: "neutral600", children: formatMessage(getTrad("whitelist.delete.note")) }) })
+                    ] }) }),
+                    /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Dialog.Footer, { children: [
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Cancel, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Button, { fullWidth: true, variant: "tertiary", children: formatMessage(getTrad("page.cancel")) }) }),
+                      /* @__PURE__ */ jsxRuntime.jsx(designSystem.Dialog.Action, { children: /* @__PURE__ */ jsxRuntime.jsx(
+                        designSystem.Button,
+                        {
+                          fullWidth: true,
+                          variant: "danger-light",
+                          onClick: () => onDelete(user.email),
+                          children: formatMessage(getTrad("page.ok"))
+                        }
+                      ) })
+                    ] })
                   ] })
                 ] })
-              ] })
-            }
-          ) })
-        ] }, user.email);
-      }) })
-    ] }),
-    pageCount > 1 && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { paddingTop: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "flex-end", children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Pagination, { activePage: page, pageCount, children: [
-      /* @__PURE__ */ jsxRuntime.jsx(
-        designSystem.PreviousLink,
-        {
-          href: "#",
-          onClick: (e) => {
-            e.preventDefault();
-            setPage((p) => Math.max(1, p - 1));
-          },
-          children: "Go to previous page"
-        }
-      ),
-      Array.from({ length: pageCount }).map((_, i) => /* @__PURE__ */ jsxRuntime.jsxs(
-        designSystem.PageLink,
-        {
-          number: i + 1,
-          href: "#",
-          onClick: (e) => {
-            e.preventDefault();
-            setPage(i + 1);
-          },
-          children: [
-            "Go to page ",
-            i + 1
-          ]
-        },
-        i + 1
-      )),
-      /* @__PURE__ */ jsxRuntime.jsx(
-        designSystem.NextLink,
-        {
-          href: "#",
-          onClick: (e) => {
-            e.preventDefault();
-            setPage((p) => Math.min(pageCount, p + 1));
+              }
+            ) })
+          ] }, user.email);
+        }) })
+      ] }),
+      pageCount > 1 && /* @__PURE__ */ jsxRuntime.jsx(designSystem.Box, { paddingTop: 4, children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Flex, { justifyContent: "flex-end", children: /* @__PURE__ */ jsxRuntime.jsxs(designSystem.Pagination, { activePage: page, pageCount, children: [
+        /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.PreviousLink,
+          {
+            href: "#",
+            onClick: (e) => {
+              e.preventDefault();
+              setPage((p) => Math.max(1, p - 1));
+            },
+            children: "Go to previous page"
+          }
+        ),
+        Array.from({ length: pageCount }).map((_, i) => /* @__PURE__ */ jsxRuntime.jsxs(
+          designSystem.PageLink,
+          {
+            number: i + 1,
+            href: "#",
+            onClick: (e) => {
+              e.preventDefault();
+              setPage(i + 1);
+            },
+            children: [
+              "Go to page ",
+              i + 1
+            ]
           },
-          children: "Go to next page"
-        }
-      )
-    ] }) }) })
+          i + 1
+        )),
+        /* @__PURE__ */ jsxRuntime.jsx(
+          designSystem.NextLink,
+          {
+            href: "#",
+            onClick: (e) => {
+              e.preventDefault();
+              setPage((p) => Math.min(pageCount, p + 1));
+            },
+            children: "Go to next page"
+          }
+        )
+      ] }) }) })
+    ] })
   ] }) });
 }
 const AlertMessage = styled__default.default.div`
-    position: fixed;
-    left: 50%;
-    transform: translateX(-50%);
-    top: 2.875rem;
-    z-index: 10;
-    width: 31.25rem;
+  position: fixed;
+  left: 50%;
+  transform: translateX(-50%);
+  top: 2.875rem;
+  z-index: 10;
+  width: 31.25rem;
 `;
 function SuccessAlertMessage({ onClose }) {
   const { formatMessage } = reactIntl.useIntl();
-  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
-    designSystem.Alert,
-    {
-      title: "Success",
-      variant: "success",
-      closeLabel: "",
-      onClose,
-      children: formatMessage(getTrad("page.save.success"))
-    }
-  ) });
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Success", variant: "success", closeLabel: "", onClose, children: formatMessage(getTrad("page.save.success")) }) });
 }
 function ErrorAlertMessage({ onClose }) {
   const { formatMessage } = reactIntl.useIntl();
-  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
-    designSystem.Alert,
-    {
-      title: "Error",
-      variant: "danger",
-      closeLabel: "",
-      onClose,
-      children: formatMessage(getTrad("page.save.error"))
-    }
-  ) });
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Error", variant: "danger", closeLabel: "", onClose, children: formatMessage(getTrad("page.save.error")) }) });
 }
-function MatchedUserAlertMessage({ onClose, count }) {
+function MatchedUserAlertMessage({
+  onClose,
+  count
+}) {
   const { formatMessage } = reactIntl.useIntl();
-  const id = count > 1 ? "tab.whitelist.users_exists" : "tab.whitelist.user_exists";
-  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(
-    designSystem.Alert,
-    {
-      title: "Info",
-      variant: "default",
-      closeLabel: "",
-      onClose,
-      children: formatMessage(getTrad(id))
-    }
-  ) });
+  const id = count > 1 ? "whitelist.users_exists" : "whitelist.user_exists";
+  return /* @__PURE__ */ jsxRuntime.jsx(AlertMessage, { children: /* @__PURE__ */ jsxRuntime.jsx(designSystem.Alert, { title: "Info", variant: "default", closeLabel: "", onClose, children: formatMessage(getTrad(id)) }) });
 }
 const SwitchContainer = styled__default.default.label`
   position: relative;
@@ -395,10 +373,18 @@ function useOidcSettings() {
     setUsers([...users, newUser]);
   };
   const onDeleteWhitelist = async (email) => {
-    setUsers(users.filter((u) => u.email !== email));
+    const updatedUsers = users.filter((u) => u.email !== email);
+    setUsers(updatedUsers);
+    if (useWhitelist && updatedUsers.length === 0) {
+      setEnforceOIDC(false);
+    }
   };
   const onToggleWhitelist = (e) => {
-    setUseWhitelist(e.target.checked);
+    const checked = e.target.checked;
+    setUseWhitelist(checked);
+    if (checked && users.length === 0) {
+      setEnforceOIDC(false);
+    }
   };
   const onToggleEnforce = (e) => {
     setEnforceOIDC(e.target.checked);
@@ -413,13 +399,13 @@ function useOidcSettings() {
           role: role.role
         }))
       });
+      const syncResponse = await put("/strapi-plugin-oidc/whitelist/sync", {
+        users: users.map((u) => ({ email: u.email, roles: u.roles }))
+      });
       await put("/strapi-plugin-oidc/whitelist/settings", {
         useWhitelist,
         enforceOIDC
       });
-      const syncResponse = await put("/strapi-plugin-oidc/whitelist/sync", {
-        users: users.map((u) => ({ email: u.email, roles: u.roles }))
-      });
       setInitialOIDCRoles(JSON.parse(JSON.stringify(oidcRoles)));
       setInitialUseWhitelist(useWhitelist);
       setInitialEnforceOIDC(enforceOIDC);