From 08f3e9c06b8f363cfc583f4e24ac3a6a21aa668d Mon Sep 17 00:00:00 2001
From: Zoe Roux
Date: Sun, 10 Mar 2024 15:23:17 +0100
Subject: [PATCH] Prevent two accounts from behing linked to the same external account
---
 back/src/Kyoo.Authentication/Controllers/OidcController.cs | 5 ++++-
 back/src/Kyoo.Authentication/Views/AuthApi.cs | 2 +-
 back/tests/Kyoo.Tests/Database/RepositoryActivator.cs | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/back/src/Kyoo.Authentication/Controllers/OidcController.cs b/back/src/Kyoo.Authentication/Controllers/OidcController.cs
index 6182cc51..8e9b9eec 100644
--- a/back/src/Kyoo.Authentication/Controllers/OidcController.cs
+++ b/back/src/Kyoo.Authentication/Controllers/OidcController.cs
@@ -112,9 +112,12 @@ public class OidcController(
 return user;
 }
- public async Task LinkAccount(Guid userId, string provider, string code)
+ public async Task LinkAccountOrLogin(Guid userId, string provider, string code)
 {
 (_, ExternalToken extToken) = await _TranslateCode(provider, code);
+ User? user = await users.GetByExternalId(provider, extToken.Id);
+ if (user != null)
+ return user;
 return await users.AddExternalToken(userId, provider, extToken);
 }
 }
diff --git a/back/src/Kyoo.Authentication/Views/AuthApi.cs b/back/src/Kyoo.Authentication/Views/AuthApi.cs
index e25560cf..e4469804 100644
--- a/back/src/Kyoo.Authentication/Views/AuthApi.cs
+++ b/back/src/Kyoo.Authentication/Views/AuthApi.cs
@@ -173,7 +173,7 @@ namespace Kyoo.Authentication.Views
 Guid? userId = User.GetId();
 User user = userId.HasValue
- ? await oidc.LinkAccount(userId.Value, provider, code)
+ ? await oidc.LinkAccountOrLogin(userId.Value, provider, code)
 : await oidc.LoginViaCode(provider, code);
 return new JwtToken(
 tokenController.CreateAccessToken(user, out TimeSpan expireIn),
diff --git a/back/tests/Kyoo.Tests/Database/RepositoryActivator.cs b/back/tests/Kyoo.Tests/Database/RepositoryActivator.cs
index af83d7ae..85ac013c 100644
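Review bot: The early `return user;` in LinkAccountOrLogin never compares `user.Id` with `userId`, so a signed-in caller whose external identity is already linked to a different account gets that other account back, and the AuthApi.cs call site then issues a JWT for it with no signal that no link was made. If the switch is intended, say so on the method, e.g. `/// Returns the account already linked to this external identity, which may differ from userId; otherwise links it to userId.`; if it is not, rejecting the request when `user.Id != userId` is the safer answer. The lookup followed by `AddExternalToken` is also a check-then-write: two concurrent requests carrying the same external id can both pass the null check, so the guarantee in the commit title holds only if the store enforces uniqueness on (provider, external id), which is not visible in this hunk.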
--- a/back/tests/Kyoo.Tests/Database/RepositoryActivator.cs
+++ b/back/tests/Kyoo.Tests/Database/RepositoryActivator.cs
@@ -59,7 +59,7 @@ namespace Kyoo.Tests.Database
 SeasonRepository season = new(_NewContext(), thumbs.Object);
 LibraryItemRepository libraryItem = new(_NewConnection(), new(null));
 EpisodeRepository episode = new(_NewContext(), show, thumbs.Object);
- UserRepository user = new(_NewContext(), _NewConnection(), new(null), thumbs.Object);
+ UserRepository user = new(_NewContext(), _NewConnection(), new(null), thumbs.Object, new());
 _repositories = new IBaseRepository[] {