Check email_verified when handling missing user in oauth controller (#2434)

This commit is contained in:
Boy132
2026-07-08 13:13:45 +02:00
committed by GitHub
parent c5181c9c84
commit b8bbf29a7f

View File

@@ -47,10 +47,10 @@ class OAuthController extends Controller
}
// Check for errors (https://www.oauth.com/oauth2-servers/server-side-apps/possible-errors/)
if ($request->get('error')) {
report($request->get('error_description') ?? $request->get('error'));
if ($request->input('error')) {
report($request->input('error_description') ?? $request->input('error'));
return $this->errorRedirect($request->get('error'));
return $this->errorRedirect($request->input('error'));
}
$oauthUser = Socialite::driver($driver->getId())->user();
@@ -77,6 +77,10 @@ class OAuthController extends Controller
return $this->errorRedirect('No email was linked to your account on the OAuth provider.');
}
if (isset($oauthUser->email_verified) && !filter_var($oauthUser->email_verified, FILTER_VALIDATE_BOOLEAN)) {
return $this->errorRedirect('Email not verified on OAuth provider.');
}
$user = User::whereEmail($email)->first();
if ($user) {
if (!$driver->shouldLinkMissingUser($user, $oauthUser)) {