
Commit b0e5d00

committed
Bugfix: Do not allow to connect with an user, who has just registered and not signed in yet
1 parent 71c7f82 commit b0e5d00


1 file changed

+4
-4
lines changed

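--- a/src/LoginWithAuthorizationProviderAction.php
+++ b/src/LoginWithAuthorizationProviderAction.php
@@ -264,10 +264,13 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 $provider_to_connect = Session::get(OAuth2Client::activeModuleName() . OAuth2Client::SESSION_PROVIDER_TO_CONNECT, '');
 $user_to_connect = Session::get(OAuth2Client::activeModuleName() . OAuth2Client::SESSION_USER_TO_CONNECT, 0);
 
+//Check if username/email already exists
+$existing_credentials = (($this->user_service->findByEmail($email) !== null) OR ($this->user_service->findByUserName($user_name) !== null));
+
 //If we shall connect an existing user to a provider
 if($provider_to_connect === $provider_name && $user_to_connect !== 0) {
 
-if ($this->findUserByAuthorizationProviderId($provider_name, $authorization_provider_id) !== null) {
+if ($existing_credentials OR $this->findUserByAuthorizationProviderId($provider_name, $authorization_provider_id) !== null) {
 $message = I18N::translate('The identity received by the authorization provider cannot be connected to the requested user, because it is already used to sign in by another webtrees user.');
 FlashMessages::addMessage($message, 'danger');
 CustomModuleLog::addDebugLog($log_module, $message);
@@ -287,9 +290,6 @@ public function handle(ServerRequestInterface $request): ResponseInterface
 self::deleteSessionValuesForProviderConnection();
 }
 
-//Check if username/email already exists
-$existing_credentials = (($this->user_service->findByEmail($email) !== null) OR ($this->user_service->findByUserName($user_name) !== null));
-
 //If user does not exist already, register based on the authorization provider user data
 if (!$existing_credentials && $this->findUserByAuthorizationProviderId($provider_name, $authorization_provider_id) === null) {
 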
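Review bot: The guard added at new line 273 treats any hit from `findByEmail($email)` or `findByUserName($user_name)` as a conflict, without checking whether the matched account is the one held in `$user_to_connect`. As far as this section shows, a signed-in user whose own webtrees e-mail or user name equals what the provider reports would therefore be refused too, with a message that blames "another webtrees user". I would keep `$existing_credentials` for the registration branch at new line 294 and give the connect branch its own flag that is true only when a match has a different id, e.g. `$email_user = $this->user_service->findByEmail($email);` followed by `$conflict = $email_user !== null && $email_user->id() !== $user_to_connect;` (and the same for the user name). Writing `||` instead of `OR` would also match the `&&` used in the surrounding conditions and avoid the low-precedence operator. handle() starts and ends outside the hunks, so where `$email` and `$user_name` come from, and whether the provider has verified them, is not visible here.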
