From 9d2553621a87d6e67ffeca6faaebd872ba7f2c91 Mon Sep 17 00:00:00 2001
From: Claire
Date: Fri, 9 Feb 2024 14:38:32 +0100
Subject: [PATCH] Prevent different identities from a same SSO provider from accessing a same account
---
 app/models/concerns/user/omniauthable.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/concerns/user/omniauthable.rb b/app/models/concerns/user/omniauthable.rb
index 6d1d1b8cc3..0d28aa54c0 100644
--- a/app/models/concerns/user/omniauthable.rb
+++ b/app/models/concerns/user/omniauthable.rb
@@ -51,7 +51,7 @@ module User::Omniauthable
 user = User.find_by(email: email) if email_is_verified
- return user unless user.nil?
+ return user unless user.nil? && !Identity.exists?(provider: auth.provider, user_id: user.id)
 user = User.new(user_params_from_auth(email, auth))
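Review bot: The new guard on the `return user` line looks inverted. In `user.nil? && !Identity.exists?(provider: auth.provider, user_id: user.id)` the right-hand side runs only when `user` is nil, so `user.id` raises NoMethodError for every sign-in that matches no existing account; when a user is found, the `&&` short-circuits and the account is returned without the Identity lookup ever running. The condition the commit title describes would be `return user unless user.nil? || Identity.exists?(provider: auth.provider, user_id: user.id)`. With that form, an email match that already has an identity for this provider falls through to `User.new(...)`, whose handling continues outside the hunk, so confirm that path ends in a rejected login rather than an unhandled validation error. A model spec covering the no-match case and the already-linked case would pin both branches.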