fix: apply email first-bind defaults on legacy login
This commit is contained in:
IanShaw027
@@ -807,37 +807,75 @@ func (s *AuthService) backfillEmailIdentityOnSuccessfulLogin(ctx context.Context
|
||||
if s == nil || user == nil || user.ID <= 0 {
|
||||
return
|
||||
}
|
||||
s.ensureEmailAuthIdentity(ctx, user)
|
||||
if s.ensureEmailAuthIdentity(ctx, user) {
|
||||
if err := s.ApplyProviderDefaultSettingsOnFirstBind(ctx, user.ID, "email"); err != nil {
|
||||
logger.LegacyPrintf("service.auth", "[Auth] Failed to apply email first bind defaults: user_id=%d err=%v", user.ID, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func (s *AuthService) ensureEmailAuthIdentity(ctx context.Context, user *User) {
|
||||
func (s *AuthService) ensureEmailAuthIdentity(ctx context.Context, user *User) bool {
|
||||
if s == nil || s.entClient == nil || user == nil || user.ID <= 0 {
|
||||
return
|
||||
return false
|
||||
}
|
||||
|
||||
email := strings.ToLower(strings.TrimSpace(user.Email))
|
||||
if email == "" || isReservedEmail(email) {
|
||||
return
|
||||
return false
|
||||
}
|
||||
|
||||
if err := s.entClient.AuthIdentity.Create().
|
||||
SetUserID(user.ID).
|
||||
SetProviderType("email").
|
||||
SetProviderKey("email").
|
||||
SetProviderSubject(email).
|
||||
SetVerifiedAt(time.Now().UTC()).
|
||||
SetMetadata(map[string]any{
|
||||
"source": "auth_service_dual_write",
|
||||
}).
|
||||
OnConflictColumns(
|
||||
authidentity.FieldProviderType,
|
||||
authidentity.FieldProviderKey,
|
||||
authidentity.FieldProviderSubject,
|
||||
).
|
||||
DoNothing().
|
||||
Exec(ctx); err != nil {
|
||||
logger.LegacyPrintf("service.auth", "[Auth] Failed to ensure email auth identity: user_id=%d email=%s err=%v", user.ID, email, err)
|
||||
client := s.entClient
|
||||
if tx := dbent.TxFromContext(ctx); tx != nil {
|
||||
client = tx.Client()
|
||||
}
|
||||
|
||||
buildQuery := func() *dbent.AuthIdentityQuery {
|
||||
return client.AuthIdentity.Query().Where(
|
||||
authidentity.ProviderTypeEQ("email"),
|
||||
authidentity.ProviderKeyEQ("email"),
|
||||
authidentity.ProviderSubjectEQ(email),
|
||||
)
|
||||
}
|
||||
|
||||
existed, err := buildQuery().Exist(ctx)
|
||||
if err != nil {
|
||||
logger.LegacyPrintf("service.auth", "[Auth] Failed to inspect email auth identity: user_id=%d email=%s err=%v", user.ID, email, err)
|
||||
return false
|
||||
}
|
||||
|
||||
if !existed {
|
||||
if err := client.AuthIdentity.Create().
|
||||
SetUserID(user.ID).
|
||||
SetProviderType("email").
|
||||
SetProviderKey("email").
|
||||
SetProviderSubject(email).
|
||||
SetVerifiedAt(time.Now().UTC()).
|
||||
SetMetadata(map[string]any{
|
||||
"source": "auth_service_dual_write",
|
||||
}).
|
||||
OnConflictColumns(
|
||||
authidentity.FieldProviderType,
|
||||
authidentity.FieldProviderKey,
|
||||
authidentity.FieldProviderSubject,
|
||||
).
|
||||
DoNothing().
|
||||
Exec(ctx); err != nil {
|
||||
logger.LegacyPrintf("service.auth", "[Auth] Failed to ensure email auth identity: user_id=%d email=%s err=%v", user.ID, email, err)
|
||||
return false
|
||||
}
|
||||
}
|
||||
|
||||
identity, err := buildQuery().Only(ctx)
|
||||
if err != nil {
|
||||
logger.LegacyPrintf("service.auth", "[Auth] Failed to reload email auth identity: user_id=%d email=%s err=%v", user.ID, email, err)
|
||||
return false
|
||||
}
|
||||
if identity.UserID != user.ID {
|
||||
logger.LegacyPrintf("service.auth", "[Auth] Email auth identity ownership mismatch: user_id=%d email=%s owner_id=%d", user.ID, email, identity.UserID)
|
||||
return false
|
||||
}
|
||||
|
||||
return !existed
|
||||
}
|
||||
|
||||
func inferLegacySignupSource(email string) string {
|
||||
|
||||
Reference in New Issue
Block a user