From 68d56e92cb602382ad4f0018f39ecf01bca9d486 Mon Sep 17 00:00:00 2001
From: David Bomba <turbo124@gmail.com>
Date: Thu, 27 Oct 2022 13:11:50 +1100
Subject: [PATCH] Wipe OAuth data when changing email addresses

---
 app/Http/Controllers/UserController.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index e34151fb4893..ef34f029e095 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -389,15 +389,18 @@ class UserController extends BaseController
         $new_user = $user->fresh();
 
         /* When changing email address we store the former email in case we need to rollback */
+        /* 27-10-2022 we need to wipe the oauth data at this point*/
         if ($old_user_email != $new_email) {
             $user->last_confirmed_email_address = $old_user_email;
             $user->email_verified_at = null;
+            $user->oauth_user_id = null;
+            $user->oauth_provider_id = null;
+            $user->oauth_user_refresh_token = null;
+            $user->oauth_user_token = null;
             $user->save();
             UserEmailChanged::dispatch($new_user, json_decode($old_user), auth()->user()->company());
         }
 
-       // $user->company_users()->update(["permissions_updated_at" => now()]);        
-
         event(new UserWasUpdated($user, auth()->user(), auth()->user()->company, Ninja::eventVars(auth()->user() ? auth()->user()->id : null)));
 
         return $this->itemResponse($user);