Commit 9b567c6

Merge pull request code-dot-org#24878 from code-dot-org/remove-clever-takeover-modal
Only show Clever link modal in forced-takeover case
2 parents 9c2399d + 3e88171 commit 9b567c6

1 file changed: +11 -11 lines changed

dashboard/app/controllers/omniauth_callbacks_controller.rb

Lines changed: 11 additions & 11 deletions
@@ -185,16 +185,16 @@ def extract_microsoft_data(auth)
185185
# Clever/Powerschool signins have unique requirements, and must be handled a bit outside the normal flow
186186
def handle_untrusted_email_signin(user, provider)
187187
force_takeover = user.teacher? && user.email.present? && user.email.end_with?('.oauthemailalreadytaken')
188-
189-
# We used to check this based on sign_in_count, but we're explicitly logging it now
190-
seen_oauth_takeover_dialog = (!!user.seen_oauth_connect_dialog) || user.sign_in_count > 1
191-
192-
# If account exists (as looked up by Clever ID) and it's not the first login, just sign in
193-
if user.persisted? && seen_oauth_takeover_dialog && !force_takeover
194-
sign_in_user
195-
else
196-
# Otherwise, it's either the first login, or a user who must connect -
197-
# offer to connect the Clever account to an existing one, or insist if needed
188+
if force_takeover
189+
# It's a user who must link accounts - a Clever/Powerschool Code.org teacher account with an
190+
# email that conflicts with an existing Code.org account.
191+
#
192+
# We don't want them using the teacher account as-is because it doesn't have a valid email.
193+
# We can't do a silent takeover because we don't trust email addresses from Clever/Powerschool
194+
#
195+
# Long-term I'd like sign-up when there's a conflict like this to just fail, with a helpful
196+
# message directing the teacher to sign in to their existing account and then link Clever
197+
# to it from the accounts page.
198198
if user.migrated?
199199
auth_option = user.authentication_options.find_by credential_type: provider
200200
begin_account_takeover \
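Review bot: The new `if force_takeover` guard at line 188 drops the `user.persisted?` condition that the removed line 193 carried, so a user who is not persisted and not in the forced-takeover case now skips this branch and goes straight to `sign_in_user`. Confirm that `sign_in_user` is safe for a record that has not been saved, or keep an explicit persisted check in front of it. Because the decision to run the link flow for an untrusted Clever/Powerschool email now rests only on the literal suffix `'.oauthemailalreadytaken'`, consider moving that check into a named predicate or constant and adding a test for the non-forced path, since this commit changes only the controller. The "Long-term I'd like..." comment would be easier to follow up on with a reference to a tracking issue.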
@@ -211,8 +211,8 @@ def handle_untrusted_email_signin(user, provider)
211211
end
212212
user.seen_oauth_connect_dialog = true
213213
user.save!
214-
sign_in_user
215214
end
215+
sign_in_user
216216
end
217217

218218
def move_oauth_params_to_cache(user)
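Review bot: `user.seen_oauth_connect_dialog = true` at line 212 is still written, but the first hunk removes `seen_oauth_takeover_dialog`, which was the only read of that flag visible in this method. Either add a comment saying where the flag is still consumed, or drop the assignment (and the `user.save!` at line 213 if nothing else in the branch needs it) so the method does not keep state it no longer uses.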
