From 0d325f2c73599786ed820c0bd43c3c314cf4b6c9 Mon Sep 17 00:00:00 2001
From: Zoe Roux
Date: Sun, 3 Mar 2024 22:34:11 +0100
Subject: [PATCH] Handle duplicated usernames with oidc login
---
 back/src/Kyoo.Authentication/Views/AuthApi.cs | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/back/src/Kyoo.Authentication/Views/AuthApi.cs b/back/src/Kyoo.Authentication/Views/AuthApi.cs
index 1dd0e1b5..e926cc4e 100644
--- a/back/src/Kyoo.Authentication/Views/AuthApi.cs
+++ b/back/src/Kyoo.Authentication/Views/AuthApi.cs
@@ -184,9 +184,9 @@ namespace Kyoo.Authentication.Views
 client.DefaultRequestHeaders.Add("Authorization", $"Basic {auth}");
 HttpResponseMessage resp = await client.PostAsync(
- _BuildUrl(
- prov.TokenUrl,
- new()
+ prov.TokenUrl,
+ new FormUrlEncodedContent(
+ new Dictionary()
 {
 ["code"] = code,
 ["client_id"] = prov.ClientId,
@@ -195,11 +195,12 @@ namespace Kyoo.Authentication.Views
 $"{options.PublicUrl.TrimEnd('/')}/api/auth/logged/{provider}",
 ["grant_type"] = "authorization_code",
 }
- ),
- null
+ )
 );
 if (!resp.IsSuccessStatusCode)
- return BadRequest("Invalid code or configuration.");
+ return BadRequest(
+ $"Invalid code or configuration. {resp.StatusCode}: {await resp.Content.ReadAsStringAsync()}"
+ );
 JwtToken? token = await resp.Content.ReadFromJsonAsync();
 if (token is null)
 return BadRequest("Could not retrive token.");
@@ -232,7 +233,18 @@ namespace Kyoo.Authentication.Views
 User? user = await users.GetByExternalId(provider, extToken.Id);
 if (user == null)
- user = await users.Create(newUser);
+ {
+ try
+ {
+ user = await users.Create(newUser);
+ }
+ catch
+ {
+ return BadRequest(
+ "A user already exists with the same username. If this is you, login via username and then link your account."
+ );
+ }
+ }
 return new JwtToken(
 tokenController.CreateAccessToken(user, out TimeSpan expireIn),
 await tokenController.CreateRefreshToken(user),
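Review bot: In the first hunk (`-184,9 +184,9`) the token request now sends `client_id` in the form body while the context line just above still adds an `Authorization: Basic` header, so the client may be presenting credentials in two places if the dictionary lines between this hunk and the next also include a secret (those lines are not visible here). RFC 6749 §2.3 asks for a single client authentication method per request, and some providers reject the combination. If sending both is deliberate for provider compatibility, a comment above the call would record that, e.g. `// Credentials go in both the Basic header and the body because providers differ in which one they accept.` The `PostAsync` call starts inside this hunk and closes in the next one.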
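Review bot: In the second hunk (`-195,11 +195,12`) the `!resp.IsSuccessStatusCode` branch now returns the identity provider's status code and raw response body to the caller, who on this login path is presumably not yet authenticated. Token-endpoint error bodies commonly carry `error_description` text about the client registration or redirect URI, so this exposes upstream configuration detail and reflects provider-controlled content into the API response. Writing the status and body to the server log and keeping the client-facing text generic, `return BadRequest("Invalid code or configuration.");`, preserves the debugging value without the disclosure. The enclosing method starts and ends outside the hunk, so whether a logger is already in scope there cannot be seen from here.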
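Review bot: In the third hunk (`-232,7 +233,18`) the bare `catch` around `users.Create(newUser)` turns every failure into the "username already exists" response, so a database outage, a validation error or a cancelled request would be reported to the user as a name collision and would leave no trace in the logs. Narrowing the handler to the exception type the repository throws on a uniqueness conflict, `catch (<DuplicateExceptionType>)` (placeholder, the type is not visible in this hunk), lets other failures propagate normally. Refusing to attach the external identity to an existing account by username alone is the safe choice, since a provider-supplied name is not proof of ownership. The message does confirm to the caller that the username is taken, which matters only if usernames are otherwise not enumerable. The method continues past the end of the hunk.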