HomePhabricator
Diffusion Phabricator b038041dc600

Prevent duplicate account links from being created by swapping logins and…
b038041dc600
Actions

Description

Prevent duplicate account links from being created by swapping logins and then refreshing the link

Summary:
Fixes T6707. Users can currently do this:

  • Log in to a service (like Facebook or Google) with account "A".
  • Link their Phabricator account to that account.
  • Log out of Facebook, log back in with account "B".
  • Refresh the account link from SettingsExternal Accounts.

When they do this, we write a second account link (between their Phabricator account and account "B"). However, the rest of the codebase assumes accounts are singly-linked, so this breaks down elsewhere.

For now, decline to link the second account. We'll permit this some day, but need to do more work to allow it, and the need is very rare.

Test Plan:

  • Followed the steps above, hit the new error.
  • Logged back in to the proper account and did a link refresh (which worked).

Screen Shot 2015-10-23 at 12.56.20 PM.png (885×890 px, 133 KB)

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6707

Differential Revision: https://secure.phabricator.com/D14319

Details

Provenance
epriestleyAuthored on
epriestleyPushed on Oct 24 2015, 11:50 AM
Reviewer
chad
Differential Revision
D14319: Prevent duplicate account links from being created by swapping logins and then refreshing the link
Parents
rP4afeebe83489: Don't store IP addresses in content sources
Branches
Unknown
Tags
Unknown
Tasks
T6707: 'Attaching' two external accounts of the same type results in AphrontCountQueryException
Build Status
Buildable 8383
Build 9625: Run Core Tests

Changes (1)

PathSize
src/
applications/
auth/
controller/

rPb038041dc600

View Options

src/applications/auth/controller/PhabricatorAuthLoginController.php

Loading...
Phabricator · Built by Phacility