fix: Improved handling of authentication edge-cases (#2023)

* fix: authentication records not cleaned up for deleted user closes #2022 * fix: Improve debugging for duplicate providerId sign-in requests
2021-04-11 19:39:31 -07:00
parent bc4fe05147
commit 62f9262b2c
4 changed files with 92 additions and 5 deletions
--- a/server/commands/userCreator.test.js
+++ b/server/commands/userCreator.test.js
@ -37,6 +37,62 @@ describe("userCreator", () => {
    expect(isNewUser).toEqual(false);
  });

+  it("should create user with deleted user matching providerId", async () => {
+    const existing = await buildUser();
+    const authentications = await existing.getAuthentications();
+    const existingAuth = authentications[0];
+    const newEmail = "test@example.com";
+
+    await existing.destroy();
+
+    const result = await userCreator({
+      name: "Test Name",
+      email: "test@example.com",
+      teamId: existing.teamId,
+      ip,
+      authentication: {
+        authenticationProviderId: existingAuth.authenticationProviderId,
+        providerId: existingAuth.providerId,
+        accessToken: "123",
+        scopes: ["read"],
+      },
+    });
+
+    const { user, authentication, isNewUser } = result;
+
+    expect(authentication.accessToken).toEqual("123");
+    expect(authentication.scopes.length).toEqual(1);
+    expect(authentication.scopes[0]).toEqual("read");
+    expect(user.email).toEqual(newEmail);
+    expect(isNewUser).toEqual(true);
+  });
+
+  it("should handle duplicate providerId for different iDP", async () => {
+    const existing = await buildUser();
+    const authentications = await existing.getAuthentications();
+    const existingAuth = authentications[0];
+    let error;
+
+    try {
+      await userCreator({
+        name: "Test Name",
+        email: "test@example.com",
+        teamId: existing.teamId,
+        ip,
+        authentication: {
+          authenticationProviderId: "example.org",
+          providerId: existingAuth.providerId,
+          accessToken: "123",
+          scopes: ["read"],
+        },
+      });
+    } catch (err) {
+      error = err;
+    }
+
+    expect(error && error.toString()).toContain("already exists for");
+  });
+
  it("should create a new user", async () => {
    const team = await buildTeam();
    const authenticationProviders = await team.getAuthenticationProviders();