fix: unintended account switch on authing with GitHub

Author: zcesur

lib/algora/accounts/accounts.ex

@@ -293,10 +293,10 @@ defmodule Algora.Accounts do
 
     primary_user =
       case {current_user, Repo.all(query)} do
+        {current_user, _} when not is_nil(current_user) -> current_user
         {_, []} -> nil
         {_, [user]} -> user
-        {nil, users} -> Enum.find(users, &(&1.provider == "github" and &1.provider_id == to_string(info["id"])))
-        {user, users} -> Enum.find(users, &(&1.id == user.id))
+        {_, users} -> Enum.find(users, &(&1.provider == "github" and &1.provider_id == to_string(info["id"])))
       end
 
     case primary_user do

test/algora/accounts_test.exs

@@ -54,6 +54,21 @@ defmodule Algora.AccountsTest do
       assert identity.provider_token == token
     end
 
+    test "updates existing user when user is authed", %{
+      github_info: github_info,
+      emails: emails,
+      token: token,
+      primary_email: primary_email
+    } do
+      existing_user = insert!(:user, email: "[email protected]", display_name: "Existing User")
+
+      {:ok, updated_user} = Accounts.register_github_user(existing_user, primary_email, github_info, emails, token)
+
+      assert updated_user.id == existing_user.id
+      assert updated_user.email == "[email protected]"
+      assert updated_user.provider_login == "testuser"
+    end
+
     test "updates existing user when matching by GitHub ID", %{
       github_info: github_info,
       emails: emails,