Skip to content

Commit c98e293

Browse files
authored
fix: unlink OIDC providers when user updates email address (#3307)
1 parent ebbe382 commit c98e293

2 files changed

Lines changed: 9 additions & 0 deletions

File tree

src/backend/controllers/auth/AuthController.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2038,6 +2038,8 @@ export class AuthController extends PuterController {
20382038
requires_email_confirmation: 0,
20392039
});
20402040

2041+
await this.stores.oidc.unlinkAllByUserId(user.id);
2042+
20412043
try {
20422044
this.clients.event?.emit(
20432045
'user.email-changed' as never,

src/backend/stores/oidc/OIDCStore.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,4 +87,11 @@ export class OIDCStore extends PuterStore {
8787
[userId, provider],
8888
);
8989
}
90+
91+
async unlinkAllByUserId(userId) {
92+
await this.clients.db.write(
93+
'DELETE FROM `user_oidc_providers` WHERE `user_id` = ?',
94+
[userId],
95+
);
96+
}
9097
}

0 commit comments

Comments
 (0)