Make sure OAuth2 users cannot be associated multiple times

2017-12-29 14:17:53 -08:00 · 2017-12-29 14:17:53 -08:00 · 9eb91e6f0b
commit 9eb91e6f0b
parent 0f053b07a5
5 changed files with 27 additions and 11 deletions
--- a/locale/translations.go
+++ b/locale/translations.go
@ -1,5 +1,5 @@
 // Code generated by go generate; DO NOT EDIT.
-// 2017-12-28 18:55:07.409784145 -0800 PST m=+0.036504731
+// 2017-12-29 14:12:55.369940267 -0800 PST m=+0.042539315

 package locale

@ -209,12 +209,13 @@ var translations = map[string]string{
    "Download original content": "Télécharger le contenu original",
    "Toggle bookmark": "Ajouter/Enlever favoris",
    "Close modal dialog": "Fermer la boite de dialogue",
-    "Save article": "Sauvegarder l'article"
+    "Save article": "Sauvegarder l'article",
+    "There is already someone associated with this provider!": "Il y a déjà quelqu'un d'associé avec ce provider !"
 }
 `,
 }

 var translationsChecksums = map[string]string{
 	"en_US": "6fe95384260941e8a5a3c695a655a932e0a8a6a572c1e45cb2b1ae8baa01b897",
-	"fr_FR": "30f70cf369dae3e0461e44a444be56d657d7d381801c321e7312886e75278c81",
+	"fr_FR": "710be25933b58ab1449ec8797696cf937d4854fa0e9db555e2ef8fadd09b4382",
 }
--- a/locale/translations/fr_FR.json
+++ b/locale/translations/fr_FR.json
@ -193,5 +193,6 @@
    "Download original content": "Télécharger le contenu original",
    "Toggle bookmark": "Ajouter/Enlever favoris",
    "Close modal dialog": "Fermer la boite de dialogue",
-    "Save article": "Sauvegarder l'article"
+    "Save article": "Sauvegarder l'article",
+    "There is already someone associated with this provider!": "Il y a déjà quelqu'un d'associé avec ce provider !"
 }
--- a/server/core/context.go
+++ b/server/core/context.go
@ -135,7 +135,7 @@ func (c *Context) SetFlashErrorMessage(message string) {

 // FlashErrorMessage returns the error flash message and remove it.
 func (c *Context) FlashErrorMessage() string {
-	message := c.getContextStringValue(middleware.FlashMessageContextKey)
+	message := c.getContextStringValue(middleware.FlashErrorMessageContextKey)
 	c.store.UpdateSessionField(c.SessionID(), "flash_error_message", "")
 	return message
 }
--- a/server/ui/controller/controller.go
+++ b/server/ui/controller/controller.go
@ -44,11 +44,12 @@ func (c *Controller) getCommonTemplateArgs(ctx *core.Context) (tplParams, error)
 	}

 	params := tplParams{
-		"menu":         "",
-		"user":         user,
-		"countUnread":  countUnread,
-		"csrf":         ctx.CSRF(),
-		"flashMessage": ctx.FlashMessage(),
+		"menu":              "",
+		"user":              user,
+		"countUnread":       countUnread,
+		"csrf":              ctx.CSRF(),
+		"flashMessage":      ctx.FlashMessage(),
+		"flashErrorMessage": ctx.FlashErrorMessage(),
 	}
 	return params, nil
 }
--- a/server/ui/controller/oauth2.go
+++ b/server/ui/controller/oauth2.go
@ -71,7 +71,20 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
 	}

 	if ctx.IsAuthenticated() {
-		user := ctx.LoggedUser()
+		user, err := c.store.UserByExtraField(profile.Key, profile.ID)
+		if err != nil {
+			response.HTML().ServerError(err)
+			return
+		}
+
+		if user != nil {
+			logger.Error("[OAuth2] User #%d cannot be associated because %s is already associated", ctx.UserID(), user.Username)
+			ctx.SetFlashErrorMessage(ctx.Translate("There is already someone associated with this provider!"))
+			response.Redirect(ctx.Route("settings"))
+			return
+		}
+
+		user = ctx.LoggedUser()
 		if err := c.store.UpdateExtraField(user.ID, profile.Key, profile.ID); err != nil {
 			response.HTML().ServerError(err)
 			return