Allow account linking for Google and SAML providers (#6874)
* Allow account linking for self-hosted instances; both Google and SAML provide verified emails
* Allow account linking for Google and SSO if the email matches an existing username/password account
* Tweaked find-user-by-email since we now have multiple providers (other than the credentials provider)
parent
f7523b77a6
commit
01db31c899
|
@ -164,6 +164,7 @@ if (IS_GOOGLE_LOGIN_ENABLED) {
|
|||
GoogleProvider({
|
||||
clientId: GOOGLE_CLIENT_ID,
|
||||
clientSecret: GOOGLE_CLIENT_SECRET,
|
||||
allowDangerousEmailAccountLinking: true,
|
||||
})
|
||||
);
|
||||
}
|
||||
|
@ -202,6 +203,7 @@ if (isSAMLLoginEnabled) {
|
|||
clientId: "dummy",
|
||||
clientSecret: "dummy",
|
||||
},
|
||||
allowDangerousEmailAccountLinking: true,
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -497,7 +499,13 @@ export default NextAuth({
|
|||
return true;
|
||||
}
|
||||
|
||||
if (existingUserWithEmail.identityProvider === IdentityProvider.CAL) {
|
||||
// User signs up with email/password and then tries to login with Google/SAML using the same email
|
||||
if (
|
||||
existingUserWithEmail.identityProvider === IdentityProvider.CAL &&
|
||||
(idP === IdentityProvider.GOOGLE || idP === IdentityProvider.SAML)
|
||||
) {
|
||||
return true;
|
||||
} else if (existingUserWithEmail.identityProvider === IdentityProvider.CAL) {
|
||||
return "/auth/error?error=use-password-login";
|
||||
}
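Review bot: The new `return true` branch lets a Google or SAML login enter an existing email/password (`IdentityProvider.CAL`) account on an email match alone, and nothing visible in this hunk checks that the IdP verified the address or that the password account's own email was ever confirmed. Combined with `allowDangerousEmailAccountLinking: true` on both providers (the hunks at 164 and 202), the match is only as trustworthy as the least strict IdP able to assert an email. The description limits this to self-hosted instances, but as far as these hunks show the flags are set unconditionally inside the two enabled-checks. The callback starts and ends outside the hunk, so it is worth confirming there that an unconfirmed password account keeps neither its password nor a second-factor bypass once an IdP login is linked to it. I would gate the branch on the verified state, for Google e.g. `profile?.email_verified === true` (assuming the callback receives `profile`), and record the assumption above it: `// Linking trusts the IdP-asserted email; only safe while every enabled IdP verifies mailbox ownership`.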
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
|
|||
OR: [
|
||||
{ username },
|
||||
{
|
||||
AND: [{ email: userEmail }, { password: { not: null } }, { username: { not: null } }],
|
||||
AND: [{ email: userEmail }],
|
||||
},
|
||||
],
|
||||
},
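Review bot: Taking the shorter `AND` line as the new side, dropping the `password: { not: null }` and `username: { not: null }` filters makes this lookup match every row with the email, including accounts that have no password or username yet. If any flow relied on such rows falling through to the rest of the handler (for example a placeholder account completing signup), it is now stopped here; the code that acts on the result is outside the hunk, so that needs checking there. For accounts created through Google or SAML the broader match is the safer behaviour, since it keeps a password signup from being made over an IdP user's email. With one condition left the `AND` wrapper is redundant and `{ email: userEmail },` says the same. Whether `userEmail` is normalised (case, whitespace) before this query is not visible here, and it matters more now that the email alone decides the match.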
|
||||
|
|