fix: IsDuplicatedEmail should filter out identities for the currentUser #1092

kangmingtay · 2023-04-20T11:02:37Z

What kind of change does this PR introduce?

Fixes Cannot change email to the same value of existing auth.identities record for non-"email" providers #1060, Users created with Phone provider (and with an email address added later) are unable to login via oAuth #988
Allows one to pass in an optional currentUser into IsDuplicatedUser to exclude the user's identities when checking for duplicates
This is optional because on signup / admin create user, there won't be a current user so it's guaranteed that any identities found belongs to a different user.

Currently, IsDuplicatedEmail only accepts an email and an aud and uses those fields to check if the auth.identities table has identities with the same email. When this is used in the context of updating a user's email (PUT /user), IsDuplicatedEmail will also include identities that belong to the current user.

internal/models/user.go

Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>

github-actions · 2023-04-20T16:48:25Z

🎉 This PR is included in version 2.60.9 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

fix: IsDuplicatedEmail should filter out identities for the currentUser

5b26fcc

kangmingtay requested a review from a team as a code owner April 20, 2023 11:02

kangmingtay commented Apr 20, 2023

View reviewed changes

internal/models/user.go Outdated Show resolved Hide resolved

Update internal/models/user.go

955fc8e

Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>

kangmingtay force-pushed the km/fix-update-user branch from 7036df5 to 955fc8e Compare April 20, 2023 16:32

J0 approved these changes Apr 20, 2023

View reviewed changes

kangmingtay merged commit dd2b688 into master Apr 20, 2023

kangmingtay deleted the km/fix-update-user branch April 20, 2023 16:41

github-actions bot added the released label Apr 20, 2023