oadmin/sub2api
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: tighten pending oauth email routing and binding state

Browse Source
This commit is contained in:
IanShaw027
2026-04-21 10:41:29 +08:00
parent dcd5c43da4
commit 7e89bca5e6
9 changed files with 685 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
backend/internal/service/user_service.go
View File

@@ -240,7 +240,7 @@ func (s *UserService) GetProfileIdentitySummaries(ctx context.Context, userID in
}
return UserIdentitySummarySet{
Email: s.buildEmailIdentitySummary(user),
Email: s.buildEmailIdentitySummary(user, records),
LinuxDo: s.buildProviderIdentitySummary("linuxdo", records),
OIDC: s.buildProviderIdentitySummary("oidc", records),
WeChat: s.buildProviderIdentitySummary("wechat", records),
@@ -497,7 +497,7 @@ func compressInlineAvatar(decoded []byte) ([]byte, string, error) {
return nil, "", ErrAvatarTooLarge
}
func (s *UserService) buildEmailIdentitySummary(user *User) UserIdentitySummary {
func (s *UserService) buildEmailIdentitySummary(user *User, records []UserAuthIdentityRecord) UserIdentitySummary {
summary := UserIdentitySummary{
Provider: "email",
CanBind: false,
@@ -508,11 +508,34 @@ func (s *UserService) buildEmailIdentitySummary(user *User) UserIdentitySummary
return summary
}
filtered := filterUserAuthIdentities(records, "email")
if len(filtered) > 0 {
primary := selectPrimaryUserAuthIdentity(filtered)
email := strings.TrimSpace(firstStringIdentityValue(primary.Metadata, "email"))
if email == "" {
email = strings.TrimSpace(primary.ProviderSubject)
}
if email == "" || isReservedEmail(email) {
email = strings.TrimSpace(user.Email)
}
if email == "" || isReservedEmail(email) {
email = strings.TrimSpace(primary.ProviderKey)
}
summary.Bound = true
summary.BoundCount = len(filtered)
summary.DisplayName = email
summary.SubjectHint = maskEmailIdentity(email)
summary.ProviderKey = strings.TrimSpace(primary.ProviderKey)
summary.VerifiedAt = primary.VerifiedAt
return summary
}
// Compatibility fallback for legacy normal-email users that predate auth_identities backfill.
email := strings.TrimSpace(user.Email)
if email == "" || isReservedEmail(email) {
return summary
}
summary.Bound = true
summary.BoundCount = 1
summary.DisplayName = email