forked from mystiq/dex
Merge pull request #242 from ericchiang/duplicate_login
server: fix flow when user logs in through wrong connector
commit
6c09576668
1 changed files with 14 additions and 18 deletions
|
@ -322,26 +322,22 @@ func (s *Server) Login(ident oidc.Identity, key string) (string, error) {
|
||||||
ConnectorID: ses.ConnectorID,
|
ConnectorID: ses.ConnectorID,
|
||||||
ID: ses.Identity.ID,
|
ID: ses.Identity.ID,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err == user.ErrorNotFound {
|
||||||
if err == user.ErrorNotFound {
|
// Does the user have an existing account with a different connector?
|
||||||
// If has authenticated via a connector, but no local identity there
|
if ses.Identity.Email != "" {
|
||||||
// are a couple of possibilities:
|
connID, err := getConnectorForUserByEmail(s.UserRepo, ses.Identity.Email)
|
||||||
|
if err == nil {
|
||||||
// * Maybe they are using the wrong connector:
|
// Ask user to sign in through existing account.
|
||||||
if ses.Identity.Email != "" {
|
u := newLoginURLFromSession(s.IssuerURL, ses, false, []string{connID}, "wrong-connector")
|
||||||
if connID, err := getConnectorForUserByEmail(s.UserRepo,
|
return u.String(), nil
|
||||||
ses.Identity.Email); err == nil {
|
|
||||||
|
|
||||||
return newLoginURLFromSession(s.IssuerURL,
|
|
||||||
ses, true, []string{connID},
|
|
||||||
"wrong-connector").String(), nil
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// * User needs to register
|
|
||||||
return newLoginURLFromSession(s.IssuerURL,
|
|
||||||
ses, true, []string{ses.ConnectorID}, "register-maybe").String(), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// User doesn't have an existing account. Ask them to register.
|
||||||
|
u := newLoginURLFromSession(s.IssuerURL, ses, true, []string{ses.ConnectorID}, "register-maybe")
|
||||||
|
return u.String(), nil
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
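Review bot: In the new `connID, err := getConnectorForUserByEmail(s.UserRepo, ses.Identity.Email)` branch only `err == nil` is handled, so any lookup failure, not just a missing user, falls through to the `register-maybe` redirect. A transient repository error would then offer registration to someone who may already have an account under another connector, which looks like the duplicate-login case this change is meant to prevent. Consider returning unexpected errors before the fall-through, e.g. `if err != nil && err != user.ErrorNotFound { return "", err }`, assuming the helper reports a missing user with `user.ErrorNotFound` (its body is not visible here). The lookup is keyed on the email asserted by the connector and the `wrong-connector` redirect reveals which connector an existing account uses, so a comment stating whether that address is verified would help. Login's body starts and ends outside this hunk.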