From 55c78b8e7413f86c024fa3ca6179b204b9f99f70 Mon Sep 17 00:00:00 2001
From: michaeljguarino
Date: Thu, 29 Aug 2024 13:07:09 -0400
Subject: [PATCH] Only allow oauth login against current login method There's probably a needed frontend change here too, but can handle that after the fact
---
 apps/core/lib/core/services/users.ex | 3 ++-
 apps/core/test/services/accounts_test.exs | 2 +-
 apps/core/test/services/users_test.exs | 8 +++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/apps/core/lib/core/services/users.ex b/apps/core/lib/core/services/users.ex
index 6a1041bdf..d01a9978c 100644
--- a/apps/core/lib/core/services/users.ex
+++ b/apps/core/lib/core/services/users.ex
@@ -373,8 +373,9 @@ defmodule Core.Services.Users do
 |> Map.merge(login_args(service))
 |> Map.put(:password, Ecto.UUID.generate())
 |> create_user()
- %User{} = user ->
+ %User{login_method: ^service} = user ->
 update_user(login_args(service), user)
+ _ -> {:error, "you don't have login with #{service} enabled"}
 end
 end
diff --git a/apps/core/test/services/accounts_test.exs b/apps/core/test/services/accounts_test.exs
index 01b174994..24157bd45 100644
--- a/apps/core/test/services/accounts_test.exs
+++ b/apps/core/test/services/accounts_test.exs
@@ -335,7 +335,7 @@ defmodule Core.Services.AccountsTest do
 assert invite.user_id == user.id
 end
- test "nonroot users can create group members", %{account: account} do
+ test "nonroot users cannot create group members", %{account: account} do
 {:error, _} = Accounts.create_invite(%{email: "some@example.com"}, insert(:user, account: account))
 end
 end
diff --git a/apps/core/test/services/users_test.exs b/apps/core/test/services/users_test.exs
index 4fe281ee6..8caa07b93 100644
--- a/apps/core/test/services/users_test.exs
+++ b/apps/core/test/services/users_test.exs
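Review bot: The new catch-all `_ ->` clause in the users.ex hunk reports every non-matching lookup result as a login-method mismatch, so an unexpected value from the expression being matched (it starts above the hunk and is not visible here) would be returned as "login not enabled" rather than surfacing as a failure. Matching the struct keeps the rejection specific: `%User{} -> {:error, "you don't have login with #{service} enabled"}`. This branch is also where an OAuth identity was presented for an account bound to a different method, so a warning-level log with the user id and the attempted service would give responders something to alert on. The message confirms that an account exists for the email; if the caller passes it to the client verbatim, a generic failure string may be preferable. The enclosing `case` and function head begin outside the hunk.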
@@ -524,13 +524,19 @@ defmodule Core.Services.UsersTest do
 end
 test "it will update login method for existing users" do
- user = insert(:user)
+ user = insert(:user, login_method: :google)
 {:ok, upd} = Users.bootstrap_user(:google, %{email: user.email})
 assert upd.id == user.id
 assert upd.login_method == :google
 end
+
+ test "it will not allow logins w/o login method set" do
+ user = insert(:user)
+
+ {:error, _} = Users.bootstrap_user(:google, %{email: user.email})
+ end
 end
 describe "#create_trust_relationship" do
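Review bot: The added rejection test only covers a user inserted without an explicit login method; the case the commit title describes, an account bound to one OAuth provider being presented with another, has no test in this hunk. A second rejection test that inserts the user with a different provider value, then reloads the record and asserts `login_method` is unchanged, would pin the security property rather than just the `{:error, _}` shape. The first test now starts from `login_method: :google`, so its name no longer matches what it checks; `test "it will allow login for users already on that method" do` would read correctly.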