| 119 | } |
| 120 | |
| 121 | func (a *API) linkIdentityToUser(r *http.Request, ctx context.Context, tx *storage.Connection, userData *provider.UserProvidedData, providerType string) (*models.User, error) { |
| 122 | targetUser := getTargetUser(ctx) |
| 123 | identity, terr := models.FindIdentityByIdAndProvider(tx, userData.Metadata.Subject, providerType) |
| 124 | if terr != nil { |
| 125 | if !models.IsNotFoundError(terr) { |
| 126 | return nil, apierrors.NewInternalServerError("Database error finding identity for linking").WithInternalError(terr) |
| 127 | } |
| 128 | } |
| 129 | if identity != nil { |
| 130 | if identity.UserID == targetUser.ID { |
| 131 | return nil, apierrors.NewUnprocessableEntityError(apierrors.ErrorCodeIdentityAlreadyExists, "Identity is already linked") |
| 132 | } |
| 133 | return nil, apierrors.NewUnprocessableEntityError(apierrors.ErrorCodeIdentityAlreadyExists, "Identity is already linked to another user") |
| 134 | } |
| 135 | if _, terr := a.createNewIdentity(tx, targetUser, providerType, structs.Map(userData.Metadata)); terr != nil { |
| 136 | return nil, terr |
| 137 | } |
| 138 | |
| 139 | if targetUser.GetEmail() == "" { |
| 140 | if terr := targetUser.UpdateUserEmailFromIdentities(tx); terr != nil { |
| 141 | if models.IsUniqueConstraintViolatedError(terr) { |
| 142 | return nil, apierrors.NewBadRequestError(apierrors.ErrorCodeEmailExists, DuplicateEmailMsg) |
| 143 | } |
| 144 | return nil, terr |
| 145 | } |
| 146 | if !userData.Metadata.EmailVerified { |
| 147 | if terr := a.sendConfirmation(r, tx, targetUser, models.ImplicitFlow); terr != nil { |
| 148 | return nil, terr |
| 149 | } |
| 150 | return nil, storage.NewCommitWithError(apierrors.NewUnprocessableEntityError(apierrors.ErrorCodeEmailNotConfirmed, "Unverified email with %v. A confirmation email has been sent to your %v email", providerType, providerType)) |
| 151 | } |
| 152 | if terr := targetUser.Confirm(tx); terr != nil { |
| 153 | return nil, terr |
| 154 | } |
| 155 | |
| 156 | if targetUser.IsAnonymous { |
| 157 | targetUser.IsAnonymous = false |
| 158 | if terr := tx.UpdateOnly(targetUser, "is_anonymous"); terr != nil { |
| 159 | return nil, terr |
| 160 | } |
| 161 | } |
| 162 | } |
| 163 | |
| 164 | if terr := targetUser.UpdateAppMetaDataProviders(tx); terr != nil { |
| 165 | return nil, terr |
| 166 | } |
| 167 | |
| 168 | // Send identity linked notification email if enabled and user has an email |
| 169 | if a.config.Mailer.Notifications.IdentityLinkedEnabled && targetUser.GetEmail() != "" { |
| 170 | if terr := a.sendIdentityLinkedNotification(r, tx, targetUser, providerType); terr != nil { |
| 171 | // Log the error but don't fail the linking |
| 172 | logrus.WithError(terr).Warn("Unable to send identity linked notification email") |
| 173 | } |
| 174 | } |
| 175 | |
| 176 | return targetUser, nil |
| 177 | } |