Prerequisites to removing Facebook authentication (#13683)

* Don't sign in user when trying to connect a social account that was already created * Log social users into matching local auth accounts If the social account has an email that already exists as a local user, instead of creating a new account log them into their account and add the social auth to the account * If possible set local authentication email for social users * Allow password reset emails to be sent to social login users * lint fixes * Fix issues and tests * fix tests * Fix lint error.
2025-12-14 21:27:23 +01:00 · 2022-01-21 22:15:58 +01:00
parent d11810677c
commit 1177ad8b8c
12 changed files with 288 additions and 72 deletions
--- a/website/server/controllers/api-v3/auth.js
+++ b/website/server/controllers/api-v3/auth.js
@@ -341,7 +341,14 @@ api.resetPassword = {
    if (validationErrors) throw validationErrors;

    const email = req.body.email.toLowerCase();
-    const user = await User.findOne({ 'auth.local.email': email }).exec();
+    const user = await User.findOne({
+      $or: [
+        { 'auth.local.email': email },
+        { 'auth.apple.emails.value': email },
+        { 'auth.google.emails.value': email },
+        { 'auth.facebook.emails.value': email },
+      ],
+    }).exec();

    if (user) {
      // create an encrypted link to be used to reset the password