Merge pull request #242 from ericchiang/duplicate_login

server: fix flow when user logs in through wrong connector

server/server.go

@@ -322,26 +322,22 @@ func (s *Server) Login(ident oidc.Identity, key string) (string, error) {
 		ConnectorID: ses.ConnectorID,
 		ID:          ses.Identity.ID,
 	})
-	if err != nil {
+	if err == user.ErrorNotFound {
-		if err == user.ErrorNotFound {
+		// Does the user have an existing account with a different connector?
-			// If has authenticated via a connector, but no local identity there
+		if ses.Identity.Email != "" {
-			// are a couple of possibilities:
+			connID, err := getConnectorForUserByEmail(s.UserRepo, ses.Identity.Email)
-
+			if err == nil {
-			// * Maybe they are using the wrong connector:
+				// Ask user to sign in through existing account.
-			if ses.Identity.Email != "" {
+				u := newLoginURLFromSession(s.IssuerURL, ses, false, []string{connID}, "wrong-connector")
-				if connID, err := getConnectorForUserByEmail(s.UserRepo,
+				return u.String(), nil
-					ses.Identity.Email); err == nil {
-
-					return newLoginURLFromSession(s.IssuerURL,
-						ses, true, []string{connID},
-						"wrong-connector").String(), nil
-				}
 			}
-
-			// * User needs to register
-			return newLoginURLFromSession(s.IssuerURL,
-				ses, true, []string{ses.ConnectorID}, "register-maybe").String(), nil
 		}
+
+		// User doesn't have an existing account. Ask them to register.
+		u := newLoginURLFromSession(s.IssuerURL, ses, true, []string{ses.ConnectorID}, "register-maybe")
+		return u.String(), nil
+	}
+	if err != nil {
 		return "", err
 	}