mirror of
https://github.com/pelican-dev/panel.git
synced 2026-07-15 21:48:08 +03:00
Check email_verified when handling missing user in oauth controller (#2434)
This commit is contained in:
@@ -47,10 +47,10 @@ class OAuthController extends Controller
|
||||
}
|
||||
|
||||
// Check for errors (https://www.oauth.com/oauth2-servers/server-side-apps/possible-errors/)
|
||||
if ($request->get('error')) {
|
||||
report($request->get('error_description') ?? $request->get('error'));
|
||||
if ($request->input('error')) {
|
||||
report($request->input('error_description') ?? $request->input('error'));
|
||||
|
||||
return $this->errorRedirect($request->get('error'));
|
||||
return $this->errorRedirect($request->input('error'));
|
||||
}
|
||||
|
||||
$oauthUser = Socialite::driver($driver->getId())->user();
|
||||
@@ -77,6 +77,10 @@ class OAuthController extends Controller
|
||||
return $this->errorRedirect('No email was linked to your account on the OAuth provider.');
|
||||
}
|
||||
|
||||
if (isset($oauthUser->email_verified) && !filter_var($oauthUser->email_verified, FILTER_VALIDATE_BOOLEAN)) {
|
||||
return $this->errorRedirect('Email not verified on OAuth provider.');
|
||||
}
|
||||
|
||||
$user = User::whereEmail($email)->first();
|
||||
if ($user) {
|
||||
if (!$driver->shouldLinkMissingUser($user, $oauthUser)) {
|
||||
|
||||
Reference in New Issue
Block a user