diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go
index 2b7035c35e..abd07a70ec 100644
--- a/internal/api/ui/login/external_provider_handler.go
+++ b/internal/api/ui/login/external_provider_handler.go
@@ -292,14 +292,14 @@ func (l *Login) handleExternalUserAuthenticated(
 l.renderError(w, r, authReq, externalErr)
 return
 }
- externalUser, externalUserChange, err := l.runPostExternalAuthenticationActions(externalUser, tokens(session), authReq, r, user, externalErr)
+ externalUser, externalUserChange, err := l.runPostExternalAuthenticationActions(externalUser, tokens(session), authReq, r, user, nil)
 if err != nil {
 l.renderError(w, r, authReq, err)
 return
 }
 // if action is done and no user linked then link or register
 if errors.IsNotFound(externalErr) {
- l.externalUserNotExisting(w, r, authReq, provider, externalUser)
+ l.externalUserNotExisting(w, r, authReq, provider, externalUser, externalUserChange)
 return
 }
 if provider.IsAutoUpdate || len(externalUser.Metadatas) > 0 || externalUserChange {
@@ -334,7 +334,7 @@ func (l *Login) handleExternalUserAuthenticated(
 // * external not found overview:
 // - creation by user
 // - linking to existing user
-func (l *Login) externalUserNotExisting(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, provider *query.IDPTemplate, externalUser *domain.ExternalUser) {
+func (l *Login) externalUserNotExisting(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, provider *query.IDPTemplate, externalUser *domain.ExternalUser, changed bool) {
 resourceOwner := authz.GetInstance(r.Context()).DefaultOrganisationID()
 if authReq.RequestedOrgID != "" && authReq.RequestedOrgID != resourceOwner {
@@ -360,6 +360,12 @@ func (l *Login) externalUserNotExisting(w http.ResponseWriter, r *http.Request,
 l.renderExternalNotFoundOption(w, r, authReq, orgIAMPolicy, human, idpLink, err)
 return
 }
+ if changed {
+ if err := l.authRepo.SetLinkingUser(r.Context(), authReq, externalUser); err != nil {
+ l.renderError(w, r, authReq, err)
+ return
+ }
+ }
 l.autoCreateExternalUser(w, r, authReq)
 }
diff --git a/internal/auth/repository/auth_request.go b/internal/auth/repository/auth_request.go
index 17f8893655..ffa70f9d60 100644
--- a/internal/auth/repository/auth_request.go
+++ b/internal/auth/repository/auth_request.go
@@ -17,6 +17,7 @@ type AuthRequestRepository interface {
 CheckLoginName(ctx context.Context, id, loginName, userAgentID string) error
 CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser, info *domain.BrowserInfo) error
 SetExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser) error
+ SetLinkingUser(ctx context.Context, request *domain.AuthRequest, externalUser *domain.ExternalUser) error
 SelectUser(ctx context.Context, id, userID, userAgentID string) error
 SelectExternalIDP(ctx context.Context, authReqID, idpConfigID, userAgentID string) error
 VerifyPassword(ctx context.Context, id, userID, resourceOwner, password, userAgentID string, info *domain.BrowserInfo) error
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
index fcabd8f77f..6e7de351e6 100644
--- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go
+++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
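Review bot: The action-modified external user is persisted only immediately before `l.autoCreateExternalUser`, so the earlier returns in externalUserNotExisting (the `renderExternalNotFoundOption` branch at the top of this hunk, and presumably those above it) still leave the stored linking user as it was before the post-authentication actions ran, even when `changed` is true. If the not-found overview and the linking/registration steps reached from it are meant to work on the modified user, the `SetLinkingUser` call belongs at the start of the function rather than only on the auto-create path; if using the older copy there is intentional, a comment should say so. The intent of the new block would also be clearer with a line such as `// persist the user as modified by the post-authentication actions before auto-creating it`. externalUserNotExisting starts outside this hunk.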
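Review bot: The new interface method `SetLinkingUser` has no doc comment and differs in shape from its neighbours: `SetExternalUserLogin` and `CheckExternalUserLogin` identify the request by `authReqID, userAgentID`, whereas this one takes a `*domain.AuthRequest` directly, so whatever request-to-user-agent binding those methods verify from the id is presumably not repeated here. The contract that the caller must pass an already-verified request, and what happens when no linking user matches, should be stated on the interface, e.g. `// SetLinkingUser replaces the linking user on the given (already verified) request that has the same ExternalUserID as externalUser and persists the request; it is a no-op if none matches.`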
@@ -278,6 +278,16 @@ func (repo *AuthRequestRepo) SetExternalUserLogin(ctx context.Context, authReqID
 return repo.AuthRequests.UpdateAuthRequest(ctx, request)
 }
+func (repo *AuthRequestRepo) SetLinkingUser(ctx context.Context, request *domain.AuthRequest, externalUser *domain.ExternalUser) error {
+ for i, user := range request.LinkingUsers {
+ if user.ExternalUserID == externalUser.ExternalUserID {
+ request.LinkingUsers[i] = externalUser
+ return repo.AuthRequests.UpdateAuthRequest(ctx, request)
+ }
+ }
+ return nil
+}
+
 func (repo *AuthRequestRepo) setLinkingUser(ctx context.Context, request *domain.AuthRequest, externalUser *domain.ExternalUser) error {
 request.LinkingUsers = append(request.LinkingUsers, externalUser)
 return repo.AuthRequests.UpdateAuthRequest(ctx, request)
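Review bot: When no entry of `request.LinkingUsers` has a matching `ExternalUserID`, `SetLinkingUser` falls through to `return nil` without persisting anything, and the login handler that calls it then proceeds to auto-create the user as if the modified data had been stored; a post-authentication action that changed `ExternalUserID` itself would presumably also miss the match. The no-match case should surface as an error (replace `return nil` with a not-found error built with this package's usual error helper, `<NOT_FOUND_ERROR>` standing in for it here) so the caller renders an error instead of continuing with stale data, or the silent no-op must be documented at both the method and the call site. Separately, the exported `SetLinkingUser` and the existing unexported `setLinkingUser` differ only in case yet do different things (replace in place vs. append), which is easy to misread; a name such as `UpdateLinkingUser`, plus a doc comment on the exported method, would make the distinction visible. setLinkingUser's body continues outside the hunk.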