fix(core): should not sync registered identifier from social (#6283)

should not sync registered identifier from social
2025-03-31 22:51:25 -05:00 · 2024-07-22 15:35:04 +08:00 · 2024-07-22 15:35:04 +08:00 · 9af38c9e5e
commit 9af38c9e5e
parent f56aeb850b
2 changed files with 33 additions and 2 deletions
--- a/packages/core/src/routes/experience/classes/verifications/social-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
@ -210,9 +210,15 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
    const { name, avatar, email: primaryEmail, phone: primaryPhone } = this.socialUserInfo;

    if (isNewUser) {
+      const {
+        users: { hasUserWithEmail, hasUserWithPhone },
+      } = this.queries;
+
      return {
-        ...conditional(primaryEmail && { primaryEmail }),
-        ...conditional(primaryPhone && { primaryPhone }),
+        // Sync the email only if the email is not used by other users
+        ...conditional(primaryEmail && !(await hasUserWithEmail(primaryEmail)) && { primaryEmail }),
+        // Sync the phone only if the phone is not used by other users
+        ...conditional(primaryPhone && !(await hasUserWithPhone(primaryPhone)) && { primaryPhone }),
        ...conditional(name && { name }),
        ...conditional(avatar && { avatar }),
      };
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@ -43,6 +43,31 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
    expect(primaryEmail).toBe(email);
  });

+  it('should successfully sign-up with social but not sync email if the email is registered by another user', async () => {
+    const { userProfile, user } = await generateNewUser({
+      primaryEmail: true,
+    });
+
+    const { primaryEmail } = userProfile;
+
+    const userId = await signInWithSocial(
+      connectorIdMap.get(mockSocialConnectorId)!,
+      {
+        id: generateStandardId(),
+        email: primaryEmail,
+      },
+      {
+        registerNewUser: true,
+      }
+    );
+
+    expect(userId).not.toBe(user.id);
+    const { primaryEmail: newUserPrimaryEmail } = await getUser(userId);
+    expect(newUserPrimaryEmail).toBeNull();
+
+    await Promise.all([deleteUser(userId), deleteUser(user.id)]);
+  });
+
  it('should successfully sign-in with social and sync name', async () => {
    const userId = await signInWithSocial(connectorIdMap.get(mockSocialConnectorId)!, {
      id: socialUserId,