allow ACCOUNT_LINKING=auto to work without ENABLE_AUTO_REGISTRATION.

2025-11-13 04:11:40 +01:00 · 2025-10-16 10:31:48 -05:00 · 2025-10-16 10:31:48 -05:00 · cb5f281720
commit cb5f281720
parent bf8ecf7c93
1 changed files with 36 additions and 0 deletions
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@ -206,6 +206,42 @@ func SignInOAuthCallback(ctx *context.Context) {
 				ctx.ServerError("SyncGroupsToTeams", err)
 				return
 			}
+		} else if setting.OAuth2Client.AccountLinking == setting.OAuth2AccountLinkingAuto {
+			// allow ACCOUNT_LINKING=auto to work without ENABLE_AUTO_REGISTRATION.
+			var user *user_model.User
+			user = &user_model.User{Email: gothUser.Email}
+			hasUser, err := user_model.GetUser(ctx, user)
+			if err != nil {
+				ctx.ServerError("UserLinkAccount", err)
+				return
+			}
+
+			if hasUser {
+				if err := externalaccount.LinkAccountToUser(ctx, user, &gothUser); err != nil {
+					ctx.ServerError("LinkAccountToUser", err)
+					return
+				}
+
+				userHasTwoFactorAuth, err := auth.HasTwoFactorOrWebAuthn(ctx, user.ID)
+				if err != nil {
+					ctx.ServerError("HasTwoFactorOrWebAuthn", err)
+					return
+				}
+				if err := updateSession(ctx, nil, map[string]any{
+					session.KeyUID:                  user.ID,
+					session.KeyUname:                user.Name,
+					session.KeyUserHasTwoFactorAuth: userHasTwoFactorAuth,
+				}); err != nil {
+					ctx.ServerError("updateSession", err)
+					return
+				}
+				ctx.Csrf.PrepareForSessionUser(ctx)
+				ctx.Redirect(setting.AppSubURL + "/")
+				return
+			}
+
+			showLinkingLogin(ctx, authSource.ID, gothUser)
+			return
 		} else {
 			// no existing user is found, request attach or new account
 			showLinkingLogin(ctx, authSource.ID, gothUser)