Prevent different identities from a same SSO provider from accessing a same account

glitch-soc/security/d0d06c99dcd6280797807fc846910ef4ed1d6ef8
Claire 2024-02-09 14:38:32 +01:00
parent 4e640b2eae
commit dd2834e850
1 changed files with 1 additions and 1 deletions

View File

@ -51,7 +51,7 @@ module Omniauthable
user = User.find_by(email: email) if email_is_verified
return user unless user.nil?
return user unless user.nil? && !Identity.exists?(provider: auth.provider, user_id: user.id)
user = User.new(user_params_from_auth(email, auth))