Handle no-op case

islemaster · islemaster · commit 623f578d63a0 · 2018-09-18T16:44:54.000-07:00
diff --git a/dashboard/app/controllers/omniauth_callbacks_controller.rb b/dashboard/app/controllers/omniauth_callbacks_controller.rb
@@ -29,8 +29,11 @@ def connect_provider
 
     # Check if credential is already in use
     existing_credential_holder = User.find_by_credential type: provider, id: auth_hash.uid
-    if existing_credential_holder && existing_credential_holder != current_user
-      if existing_credential_holder.has_activity?
+    if existing_credential_holder
+      if existing_credential_holder == current_user
+        flash.notice = I18n.t('auth.already_linked', provider: I18n.t("auth.#{provider}"))
+        return redirect_to edit_user_registration_path
+      elsif existing_credential_holder.has_activity?
         # Linking is not possible and takeover is not possible
         # Display a custom error message explaining the credential is already
         # tied to an account, and what we can do about it.
diff --git a/dashboard/test/controllers/omniauth_callbacks_controller_test.rb b/dashboard/test/controllers/omniauth_callbacks_controller_test.rb
@@ -901,6 +901,27 @@ class OmniauthCallbacksControllerTest < ActionController::TestCase
     assert_equal expected_error, flash.alert
   end
 
+  test "connect_provider: Presents no-op message if the provided credentials are already linked to user's account" do
+    # Given the current user already has credential X
+    user = create :user, :multi_auth_migrated
+    credential = create :google_authentication_option, user: user
+    assert_equal 1, user.authentication_options.count
+
+    # When I attempt to add credential X
+    link_credential user,
+      type: credential.credential_type,
+      id: credential.authentication_id
+
+    # Then I should have the same authentication options
+    user.reload
+    assert_equal 1, user.authentication_options.count
+
+    # And receive a friendly notice about already having the credential
+    assert_redirected_to 'http://test.host/users/edit'
+    expected_notice = I18n.t('auth.already_linked', provider: I18n.t("auth.google_oauth2"))
+    assert_equal expected_notice, flash.notice
+  end
+
   private
 
   def set_oauth_takeover_session_variables(provider, user)
