Prevent email verification from overriding existing sessions (#9075)

pull/28217/head
Janne Mareike Koschinski 2022-07-22 11:45:26 +02:00 committed by GitHub
parent 81653cf5fd
commit e694e87814
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions

View File

@ -382,7 +382,8 @@ export default class Registration extends React.Component<IProps, IState> {
const hasEmail = Boolean(this.state.formVals.email); const hasEmail = Boolean(this.state.formVals.email);
const hasAccessToken = Boolean(response.access_token); const hasAccessToken = Boolean(response.access_token);
debuglog("Registration: ui auth finished:", { hasEmail, hasAccessToken }); debuglog("Registration: ui auth finished:", { hasEmail, hasAccessToken });
if (!hasEmail && hasAccessToken) { // dont log in if we found a session for a different user
if (!hasEmail && hasAccessToken && !newState.differentLoggedInUserId) {
// we'll only try logging in if we either have no email to verify at all or we're the client that verified // we'll only try logging in if we either have no email to verify at all or we're the client that verified
// the email, not the client that started the registration flow // the email, not the client that started the registration flow
await this.props.onLoggedIn({ await this.props.onLoggedIn({