🐛 Fix unhandled exception on try to reuse registration token

2025-05-04 17:25:52 +02:00 · 2024-08-12 11:45:01 +02:00 · 2024-08-12 11:45:01 +02:00 · ec56a4149b
commit ec56a4149b
parent 314742a563
1 changed files with 22 additions and 16 deletions
--- a/backend/src/app/rpc/commands/auth.clj
+++ b/backend/src/app/rpc/commands/auth.clj
@ -355,16 +355,22 @@
        profile    (if-let [profile-id (:profile-id claims)]
                     (profile/get-profile conn profile-id)
-                     (let [is-active (or (boolean (:is-active claims))
+                     ;; NOTE: we first try to match existing profile
-                                         (not (contains? cf/flags :email-verification)))
+                     ;; by email, that in normal circumstances will
-                           params    (-> params
+                     ;; not return anything, but when a user tries to
-                                         (assoc :is-active is-active)
+                     ;; reuse the same token multiple times, we need
-                                         (update :password #(profile/derive-password cfg %)))]
+                     ;; to detect if the profile is already registered
-                       (->> (create-profile! conn params)
+                     (or (profile/get-profile-by-email conn (:email claims))
-                            (create-profile-rels! conn))))
+                         (let [is-active (or (boolean (:is-active claims))
                                             (not (contains? cf/flags :email-verification)))
                               params    (-> params
                                             (assoc :is-active is-active)
                                             (update :password #(profile/derive-password cfg %)))
                               profile   (->> (create-profile! conn params)
                                              (create-profile-rels! conn))]
                           (vary-meta profile assoc :created true))))
-        ;; When no profile-id comes on claims means a new register
+        created?   (-> profile meta :created true?)
        created?   (not (:profile-id claims))
        invitation (when-let [token (:invitation-token params)]
                     (tokens/verify (::setup/props cfg) {:token token :iss :team-invitation}))
@ -422,13 +428,13 @@
             ::audit/profile-id (:id profile)})))
      :else
-      (let [elapsed?    (elapsed-verify-threshold? profile)
+      (let [elapsed? (elapsed-verify-threshold? profile)
-            complaints? (eml/has-reports? conn (:email profile))
+            reports? (eml/has-reports? conn (:email profile))
-            action      (if complaints?
+            action   (if reports?
-                          "ignore-because-complaints"
+                       "ignore-because-complaints"
-                          (if elapsed?
+                       (if elapsed?
-                            "resend-email-verification"
+                         "resend-email-verification"
-                            "ignore"))]
+                         "ignore"))]
        (l/wrn :hint "repeated registry detected"
               :profile-id (str (:id profile))