From 88cb4590ba8bf059801837653893f3223a7172ee Mon Sep 17 00:00:00 2001
From: Charles Zhao <charleszhao@silverhand.io>
Date: Mon, 6 Mar 2023 16:48:50 +0800
Subject: [PATCH] fix(console): admin user should be able to link google
 account to profile (#3297)

---
 .../Profile/containers/HandleSocialCallback/index.tsx  |  7 +++++--
 packages/core/src/queries/user.ts                      |  3 ++-
 packages/core/src/routes-me/social.ts                  | 10 +---------
 3 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/packages/console/src/pages/Profile/containers/HandleSocialCallback/index.tsx b/packages/console/src/pages/Profile/containers/HandleSocialCallback/index.tsx
index ab6d8eecc..125b42c0c 100644
--- a/packages/console/src/pages/Profile/containers/HandleSocialCallback/index.tsx
+++ b/packages/console/src/pages/Profile/containers/HandleSocialCallback/index.tsx
@@ -12,10 +12,13 @@ const HandleSocialCallback = () => {
   useEffect(() => {
     (async () => {
       const connectorId = sessionStorage.getItem(profileSocialLinkingKeyPrefix);
-      const connectorData = Object.fromEntries(new URLSearchParams(search));
+      sessionStorage.removeItem(profileSocialLinkingKeyPrefix);
 
       if (connectorId) {
-        sessionStorage.removeItem(profileSocialLinkingKeyPrefix);
+        const queries = new URLSearchParams(search);
+        queries.set('redirectUri', `${adminTenantEndpoint}/callback/${connectorId}`);
+        const connectorData = Object.fromEntries(queries);
+
         await api.post('me/social/link-identity', { json: { connectorId, connectorData } });
 
         window.close();
diff --git a/packages/core/src/queries/user.ts b/packages/core/src/queries/user.ts
index d64be0bff..f9b0a30d8 100644
--- a/packages/core/src/queries/user.ts
+++ b/packages/core/src/queries/user.ts
@@ -81,12 +81,13 @@ export const createUserQueries = (pool: CommonQueryMethods) => {
       ${conditionalSql(excludeUserId, (id) => sql`and ${fields.id}<>${id}`)}
     `);
 
-  const hasUserWithIdentity = async (target: string, userId: string) =>
+  const hasUserWithIdentity = async (target: string, userId: string, excludeUserId?: string) =>
     pool.exists(
       sql`
         select ${fields.id}
         from ${table}
         where ${fields.identities}::json#>>'{${sql.identifier([target])},userId}' = ${userId}
+        ${conditionalSql(excludeUserId, (id) => sql`and ${fields.id}<>${id}`)}
       `
     );
 
diff --git a/packages/core/src/routes-me/social.ts b/packages/core/src/routes-me/social.ts
index 9996004ef..19a54b2f8 100644
--- a/packages/core/src/routes-me/social.ts
+++ b/packages/core/src/routes-me/social.ts
@@ -113,14 +113,6 @@ export default function socialRoutes<T extends AuthedMeRouter>(
 
       const { target } = connector.metadata;
 
-      assertThat(
-        !has(user.identities, target),
-        new RequestError({
-          code: 'user.social_account_exists_in_profile',
-          status: 422,
-        })
-      );
-
       /**
        * Same as above, passing `notImplemented` only works for connectors not relying on session storage.
        * E.g. Google and GitHub
@@ -131,7 +123,7 @@ export default function socialRoutes<T extends AuthedMeRouter>(
       });
 
       assertThat(
-        !(await hasUserWithIdentity(target, socialUserInfo.id)),
+        !(await hasUserWithIdentity(target, socialUserInfo.id, userId)),
         new RequestError({
           code: 'user.identity_already_in_use',
           status: 422,