DEV: Allow ManagedAuthenticator classes to match by username (#18517)

2025-05-31 22:35:03 +08:00 · 2022-10-11 12:25:13 +02:00
parent a10a81244c
commit 36f7fbebdc
2 changed files with 94 additions and 0 deletions
--- a/lib/auth/managed_authenticator.rb
+++ b/lib/auth/managed_authenticator.rb
@ -24,6 +24,11 @@ class Auth::ManagedAuthenticator < Auth::Authenticator
    true
  end

+  # Depending on the authenticator, this could be insecure, so it's disabled by default
+  def match_by_username
+    false
+  end
+
  def primary_email_verified?(auth_token)
    # Omniauth providers should only provide verified emails in the :info hash.
    # This method allows additional checks to be added
@ -67,6 +72,16 @@ class Auth::ManagedAuthenticator < Auth::Authenticator
      association.user = user
    end

+    # Matching an account by username
+    if match_by_username &&
+        association.user.nil? &&
+        SiteSetting.username_change_period.zero? &&
+        (user = find_user_by_username(auth_token))
+
+      UserAssociatedAccount.where(user: user, provider_name: auth_token[:provider]).destroy_all # Destroy existing associations for the new user
+      association.user = user
+    end
+
    # Update all the metadata in the association:
    association.info = auth_token[:info] || {}
    association.credentials = auth_token[:credentials] || {}
@ -122,6 +137,13 @@ class Auth::ManagedAuthenticator < Auth::Authenticator
    end
  end

+  def find_user_by_username(auth_token)
+    username = auth_token.dig(:info, :nickname)
+    if username
+      User.find_by_username(username)
+    end
+  end
+
  def retrieve_avatar(user, url)
    return unless user && url
    return if user.user_avatar.try(:custom_upload_id).present?