Prevent different identities from a same SSO provider from accessing a same account
parent
d509dda192
commit
e61e801148
|
@ -51,7 +51,7 @@ module Omniauthable
|
||||||
|
|
||||||
user = User.find_by(email: email) if email_is_verified
|
user = User.find_by(email: email) if email_is_verified
|
||||||
|
|
||||||
return user unless user.nil?
|
return user unless user.nil? && !Identity.exists?(provider: auth.provider, user_id: user.id)
|
||||||
|
|
||||||
user = User.new(user_params_from_auth(email, auth))
|
user = User.new(user_params_from_auth(email, auth))
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue