author | 2017-12-29 14:17:53 -0800 | |
---|---|---|
committer | 2017-12-29 14:17:53 -0800 | |
commit | 9eb91e6f0b175a1e96fd252924a52261ee595ba8 (patch) | |
tree | 599758d1a6eeb98b0bb8869a59c4dd84589db80b /server/ui/controller/oauth2.go | |
parent | 0f053b07a55c6dad2ec4b6da75995ccfa26bcb4e (diff) | |
Make sure OAuth2 users cannot be associated multiple times
Diffstat (limited to 'server/ui/controller/oauth2.go')
-rw-r--r-- | server/ui/controller/oauth2.go | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/server/ui/controller/oauth2.go b/server/ui/controller/oauth2.go
index 25899ff2..2aaa5d7d 100644
--- a/server/ui/controller/oauth2.go
+++ b/server/ui/controller/oauth2.go
@@ -71,7 +71,20 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
 }
 if ctx.IsAuthenticated() {
- user := ctx.LoggedUser()
+ user, err := c.store.UserByExtraField(profile.Key, profile.ID)
+ if err != nil {
+ response.HTML().ServerError(err)
+ return
+ }
+
+ if user != nil {
+ logger.Error("[OAuth2] User #%d cannot be associated because %s is already associated", ctx.UserID(), user.Username)
+ ctx.SetFlashErrorMessage(ctx.Translate("There is already someone associated with this provider!"))
+ response.Redirect(ctx.Route("settings"))
+ return
+ }
+
+ user = ctx.LoggedUser()
 if err := c.store.UpdateExtraField(user.ID, profile.Key, profile.ID); err != nil {
 response.HTML().ServerError(err)
 return |
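Review bot: The uniqueness guarantee rests on a check-then-write pair: `UserByExtraField` and the later `UpdateExtraField` are separate store calls, so two callbacks carrying the same `profile.ID` that run concurrently can both see `user == nil` and both link the identity to different accounts. The store's schema is not visible in this hunk, so it may already enforce this; if it does not, a unique constraint on the extra-field value (or a single conditional update) should carry the guarantee, with this branch kept only as the friendly-error path. I would record that above the lookup with `// Pre-check for a readable error only; uniqueness of (profile.Key, profile.ID) must be enforced by the store.` Separately, when the returned user is the logged-in user the branch still logs an error and reports that someone else is associated; comparing `user.ID` with `ctx.UserID()` first would keep re-linking from producing misleading error-log entries. OAuth2Callback starts and ends outside the hunk, so how `profile` is validated earlier is not covered here.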