diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index a02feb210..f3cb2b0b8 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -24,8 +24,17 @@ def openid_connect if current_user.nil? # if user is not signed in (They clicked the SSO sign in button) if user.nil? # If an entry does not exist in the identifiers table for the chosen SSO account - # Register and sign in user = User.create_from_provider_data(auth) + if user.nil? # if a user was NOT created (a match was found for User.find_by(email: auth.info.email) + # Do not link SSO credentials for the signed out, existing user + flash[:alert] = _('The email you selected has not yet been linked to an existing account.
' \ + "Please sign in via the 'Sign in' button and navigate to the " \ + "'Edit Profile' section of DMP Assistant.
" \ + 'From there you can link an email and enable single sign on access.
') + redirect_to root_path + return + end + # A new user was created, link the SSO credentials (we can do this for a newly created user) user.identifiers << Identifier.create(identifier_scheme: identifier_scheme, value: auth.uid, attrs: auth, diff --git a/app/models/user.rb b/app/models/user.rb index 444e01611..ec675c2e3 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -188,7 +188,7 @@ def self.from_omniauth(auth) def self.create_from_provider_data(provider_data) user = User.find_by email: provider_data.info.email - return user if user + return if user User.create!( firstname: provider_data.info&.first_name.present? ? provider_data.info.first_name : _('First name'),
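Review bot: The new `if user.nil?` branch refuses to link SSO credentials to an existing account for a signed-out visitor, but it records nothing about the refusal. A matching email claim arriving for an account that has no linked identifier is the event a defender would want to see, so a log line before `redirect_to root_path` would help, e.g. `Rails.logger.warn("SSO link refused: email already registered, provider=#{auth.provider} uid=#{auth.uid}")`, leaving the email itself out of the log. The alert text also confirms to a signed-out visitor that a local account exists for that address; that is probably acceptable if the provider verifies email ownership, which cannot be seen from this hunk. `openid_connect` starts and ends outside the hunk, and the trailing comment on the `if user.nil?` line has an unclosed parenthesis.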
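Review bot: With `return if user`, the controller's existing-account guard depends entirely on the exact-match lookup `User.find_by email: provider_data.info.email` on the line above. If the provider sends the address in a different case or with stray whitespace, the lookup can miss and execution falls through to `User.create!`, which would then either raise on a uniqueness validation or create a second account, depending on validations not visible here. Consider normalising first, e.g. `email = provider_data.info.email.to_s.strip.downcase` then `user = User.find_by(email: email)`, assuming stored emails are lowercased, and returning early when `email` is empty. A comment above the method such as `# Returns nil when a user with this email already exists; callers must not link SSO credentials in that case.` would make the new contract explicit. The method body continues outside the hunk, and any other caller that relied on getting the existing user back needs checking.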