[URGENT] Hotfix: re-adds the password and username set check in signup (#8638)

* Check for existing password and username to ensure it isn't an invite * added check with verified to allow SAML linking * wrong verified check lol * updated comment * unintended
2023-05-03 18:40:28 +05:30 · 2023-05-03 18:40:28 +05:30 · e78fb22451
parent 99f736b317
commit e78fb22451
1 changed files with 14 additions and 3 deletions
--- a/apps/web/pages/api/auth/signup.ts
+++ b/apps/web/pages/api/auth/signup.ts
@ -36,14 +36,25 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
    return;
  }

-  // There is actually an existingUser if username matches
-  // OR if email matches and both username and password are set
+  // There is an existingUser if the username matches
+  // OR if the email matches AND either the email is verified
+  // or both username and password are set
  const existingUser = await prisma.user.findFirst({
    where: {
      OR: [
        { username },
        {
-          AND: [{ email: userEmail }],
+          AND: [
+            { email: userEmail },
+            {
+              OR: [
+                { emailVerified: { not: null } },
+                {
+                  AND: [{ password: { not: null } }, { username: { not: null } }],
+                },
+              ],
+            },
+          ],
        },
      ],
    },