From 9eb91e6f0b175a1e96fd252924a52261ee595ba8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?=
Date: Fri, 29 Dec 2017 14:17:53 -0800
Subject: [PATCH] Make sure OAuth2 users cannot be associated multiple times
---
 locale/translations.go | 7 ++++---
 locale/translations/fr_FR.json | 3 ++-
 server/core/context.go | 2 +-
 server/ui/controller/controller.go | 11 ++++++-----
 server/ui/controller/oauth2.go | 15 ++++++++++++++-
 5 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/locale/translations.go b/locale/translations.go
index ffaa02bd..749e964a 100644
--- a/locale/translations.go
+++ b/locale/translations.go
@@ -1,5 +1,5 @@ // Code generated by go generate; DO NOT EDIT. -// 2017-12-28 18:55:07.409784145 -0800 PST m=+0.036504731 +// 2017-12-29 14:12:55.369940267 -0800 PST m=+0.042539315 package locale
@@ -209,12 +209,13 @@ var translations = map[string]string{ "Download original content": "Télécharger le contenu original", "Toggle bookmark": "Ajouter/Enlever favoris", "Close modal dialog": "Fermer la boite de dialogue", - "Save article": "Sauvegarder l'article" + "Save article": "Sauvegarder l'article", + "There is already someone associated with this provider!": "Il y a déjà quelqu'un d'associé avec ce provider !" } `, } var translationsChecksums = map[string]string{ "en_US": "6fe95384260941e8a5a3c695a655a932e0a8a6a572c1e45cb2b1ae8baa01b897", - "fr_FR": "30f70cf369dae3e0461e44a444be56d657d7d381801c321e7312886e75278c81", + "fr_FR": "710be25933b58ab1449ec8797696cf937d4854fa0e9db555e2ef8fadd09b4382", }
diff --git a/locale/translations/fr_FR.json b/locale/translations/fr_FR.json
index e56083d4..f0086d0c 100644
--- a/locale/translations/fr_FR.json
+++ b/locale/translations/fr_FR.json
@@ -193,5 +193,6 @@
 "Download original content": "Télécharger le contenu original",
 "Toggle bookmark": "Ajouter/Enlever favoris",
 "Close modal dialog": "Fermer la boite de dialogue",
- "Save article": "Sauvegarder l'article"
+ "Save article": "Sauvegarder l'article",
+ "There is already someone associated with this provider!": "Il y a déjà quelqu'un d'associé avec ce provider !"
 }
diff --git a/server/core/context.go b/server/core/context.go
index dfd8e5b3..d80ce1f8 100644
--- a/server/core/context.go
+++ b/server/core/context.go
@@ -135,7 +135,7 @@ func (c *Context) SetFlashErrorMessage(message string) {
 // FlashErrorMessage returns the error flash message and remove it.
 func (c *Context) FlashErrorMessage() string {
- message := c.getContextStringValue(middleware.FlashMessageContextKey)
+ message := c.getContextStringValue(middleware.FlashErrorMessageContextKey)
 c.store.UpdateSessionField(c.SessionID(), "flash_error_message", "")
 return message
 }
diff --git a/server/ui/controller/controller.go b/server/ui/controller/controller.go
index 8a45912b..8555c7b8 100644
--- a/server/ui/controller/controller.go
+++ b/server/ui/controller/controller.go
@@ -44,11 +44,12 @@ func (c *Controller) getCommonTemplateArgs(ctx *core.Context) (tplParams, error)
 }
 params := tplParams{
- "menu": "",
- "user": user,
- "countUnread": countUnread,
- "csrf": ctx.CSRF(),
- "flashMessage": ctx.FlashMessage(),
+ "menu": "",
+ "user": user,
+ "countUnread": countUnread,
+ "csrf": ctx.CSRF(),
+ "flashMessage": ctx.FlashMessage(),
+ "flashErrorMessage": ctx.FlashErrorMessage(),
 }
 return params, nil
 }
diff --git a/server/ui/controller/oauth2.go b/server/ui/controller/oauth2.go
index 25899ff2..2aaa5d7d 100644
--- a/server/ui/controller/oauth2.go
+++ b/server/ui/controller/oauth2.go
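Review bot: `FlashErrorMessage` in server/core/context.go still calls `c.store.UpdateSessionField(c.SessionID(), "flash_error_message", "")` unconditionally, and the controller.go hunk now invokes it from `getCommonTemplateArgs`, so every page built from the common template arguments appears to issue a session write even when no error message is pending. Clearing only when something was actually read would avoid that: `if message != "" { c.store.UpdateSessionField(c.SessionID(), "flash_error_message", "") }`. The result of `UpdateSessionField` is also discarded; its signature is not visible in this patch, but if it returns an error, a failed clear would let the same message reappear on later pages, so it is worth at least logging.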
@@ -71,7 +71,20 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
 }
 if ctx.IsAuthenticated() {
- user := ctx.LoggedUser()
+ user, err := c.store.UserByExtraField(profile.Key, profile.ID)
+ if err != nil {
+ response.HTML().ServerError(err)
+ return
+ }
+ if user != nil {
+ logger.Error("[OAuth2] User #%d cannot be associated because %s is already associated", ctx.UserID(), user.Username)
+ ctx.SetFlashErrorMessage(ctx.Translate("There is already someone associated with this provider!"))
+ response.Redirect(ctx.Route("settings"))
+ return
+ }
+ user = ctx.LoggedUser()
 if err := c.store.UpdateExtraField(user.ID, profile.Key, profile.ID); err != nil {
 response.HTML().ServerError(err)
 return
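Review bot: The new duplicate check in `OAuth2Callback` is a separate read (`c.store.UserByExtraField`) followed by a separate write (`c.store.UpdateExtraField`), so two callbacks for the same provider identity that run concurrently can both see `user == nil` and both link it. Because the link decides which local account a later OAuth2 login resolves to, the guarantee is better enforced in the store, presumably with a unique constraint on the provider field or a conditional update, keeping this check only for the friendly message; the store code is outside this patch, so confirm what it enforces today. The branch also treats the case where the existing link belongs to the logged-in user as a conflict and logs it as an error; a guard such as `if user != nil && user.ID != ctx.UserID() {` would separate re-linking one's own account from a real collision. The function body starts and ends outside the hunk.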