feat: auto link accounts with the same email (#1464)

2025-05-23 10:45:47 +08:00 · 2023-01-11 23:19:16 +08:00 · 2023-01-11 23:19:16 +08:00 · 7d25b9cdd8
commit 7d25b9cdd8
parent ead844131e
11 changed files with 74 additions and 40 deletions
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -405,54 +405,61 @@ func (c *ApiController) Login() {
 					return
 				}

-				// Handle username conflicts
-				tmpUser := object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Username))
-				if tmpUser != nil {
-					uid, err := uuid.NewRandom()
+				if application.EnableLinkWithEmail {
+					// find user that has the same email
+					user = object.GetUserByField(application.Organization, "email", userInfo.Email)
+				}
+
+				if user == nil || user.IsDeleted {
+					// Handle username conflicts
+					tmpUser := object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Username))
+					if tmpUser != nil {
+						uid, err := uuid.NewRandom()
+						if err != nil {
+							c.ResponseError(err.Error())
+							return
+						}
+
+						uidStr := strings.Split(uid.String(), "-")
+						userInfo.Username = fmt.Sprintf("%s_%s", userInfo.Username, uidStr[1])
+					}
+
+					properties := map[string]string{}
+					properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
+					initScore, err := getInitScore(organization)
 					if err != nil {
-						c.ResponseError(err.Error())
+						c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 						return
 					}

-					uidStr := strings.Split(uid.String(), "-")
-					userInfo.Username = fmt.Sprintf("%s_%s", userInfo.Username, uidStr[1])
+					user = &object.User{
+						Owner:             application.Organization,
+						Name:              userInfo.Username,
+						CreatedTime:       util.GetCurrentTime(),
+						Id:                util.GenerateId(),
+						Type:              "normal-user",
+						DisplayName:       userInfo.DisplayName,
+						Avatar:            userInfo.AvatarUrl,
+						Address:           []string{},
+						Email:             userInfo.Email,
+						Score:             initScore,
+						IsAdmin:           false,
+						IsGlobalAdmin:     false,
+						IsForbidden:       false,
+						IsDeleted:         false,
+						SignupApplication: application.Name,
+						Properties:        properties,
+					}
+
+					affected := object.AddUser(user)
+					if !affected {
+						c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
+						return
+					}
 				}

-				properties := map[string]string{}
-				properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
-				initScore, err := getInitScore(organization)
-				if err != nil {
-					c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
-					return
-				}
-
-				user = &object.User{
-					Owner:             application.Organization,
-					Name:              userInfo.Username,
-					CreatedTime:       util.GetCurrentTime(),
-					Id:                util.GenerateId(),
-					Type:              "normal-user",
-					DisplayName:       userInfo.DisplayName,
-					Avatar:            userInfo.AvatarUrl,
-					Address:           []string{},
-					Email:             userInfo.Email,
-					Score:             initScore,
-					IsAdmin:           false,
-					IsGlobalAdmin:     false,
-					IsForbidden:       false,
-					IsDeleted:         false,
-					SignupApplication: application.Name,
-					Properties:        properties,
-				}
 				// sync info from 3rd-party if possible
 				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-
-				affected := object.AddUser(user)
-				if !affected {
-					c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
-					return
-				}
-
 				object.LinkUserAccount(user, provider.Type, userInfo.Id)

 				resp = c.HandleLoggedIn(application, user, &form)
--- a/object/application.go
+++ b/object/application.go
@ -50,6 +50,7 @@ type Application struct {
 	EnableCodeSignin    bool            `json:"enableCodeSignin"`
 	EnableSamlCompress  bool            `json:"enableSamlCompress"`
 	EnableWebAuthn      bool            `json:"enableWebAuthn"`
+	EnableLinkWithEmail bool            `json:"enableLinkWithEmail"`
 	SamlReplyUrl        string          `xorm:"varchar(100)" json:"samlReplyUrl"`
 	Providers           []*ProviderItem `xorm:"mediumtext" json:"providers"`
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -606,6 +606,16 @@ class ApplicationEditPage extends React.Component {
            />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col span={(Setting.isMobile()) ? 19 : 6}>
+            {Setting.getLabel(i18next.t("application:Enable link accounts that with the same email"), i18next.t("application:Enable link accounts that with the same email - Tooltip"))} :
+          </Col>
+          <Col span={1} >
+            <Switch checked={this.state.application.enableLinkWithEmail} onChange={checked => {
+              this.updateApplicationField("enableLinkWithEmail", checked);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Preview"), i18next.t("general:Preview - Tooltip"))} :
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Enable WebAuthn signin - Tooltip",
    "Enable code signin": "Code-Anmeldung aktivieren",
    "Enable code signin - Tooltip": "Aktiviere Codeanmeldung - Tooltip",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Aktiviere Anmeldesession - Tooltip",
    "Enable signup": "Anmeldung aktivieren",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Enable WebAuthn signin - Tooltip",
    "Enable code signin": "Enable code signin",
    "Enable code signin - Tooltip": "Enable code signin - Tooltip",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "Enable signup",
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Habilitar inicio de sesión de WebAuthn - Tooltip",
    "Enable code signin": "Habilitar inicio de sesión por código",
    "Enable code signin - Tooltip": "Habilitar inicio de sesión por código - Tooltip",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "Habilitar nuevos registros",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Enable WebAuthn signin - Tooltip",
    "Enable code signin": "Activer la connexion au code",
    "Enable code signin - Tooltip": "Activer la connexion au code - infobulle",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Activer la session de connexion - infobulle",
    "Enable signup": "Activer l'inscription",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Enable WebAuthn signin - Tooltip",
    "Enable code signin": "コードサインインを有効にする",
    "Enable code signin - Tooltip": "Enable code signin - Tooltip",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "サインアップを有効にする",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Enable WebAuthn signin - Tooltip",
    "Enable code signin": "Enable code signin",
    "Enable code signin - Tooltip": "Enable code signin - Tooltip",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "Enable signup",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "Включить вход с WebAuthn - Подсказка",
    "Enable code signin": "Включить кодовый вход",
    "Enable code signin - Tooltip": "Включить вход с кодом - Tooltip",
+    "Enable link accounts that with the same email": "Enable link accounts that with the same email",
+    "Enable link accounts that with the same email - Tooltip": "Enable link accounts that with the same email - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Включить сеанс входа - Подсказка",
    "Enable signup": "Включить регистрацию",
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -33,6 +33,8 @@
    "Enable WebAuthn signin - Tooltip": "是否支持用户在登录页面通过WebAuthn方式登录",
    "Enable code signin": "启用验证码登录",
    "Enable code signin - Tooltip": "是否允许用手机或邮箱验证码登录",
+    "Enable link accounts that with the same email": "自动关联邮箱相同的账号",
+    "Enable link accounts that with the same email - Tooltip": "使用第三方授权登录时，如果组织中存在与授权用户邮箱相同的用户，会自动关联该第三方登录方式到该用户",
    "Enable side panel": "启用侧面板",
    "Enable signin session - Tooltip": "从应用登录Casdoor后，Casdoor是否保持会话",
    "Enable signup": "启用注册",