Make sure OAuth2 users cannot be associated multiple times

server/core/context.go

@@ -135,7 +135,7 @@ func (c *Context) SetFlashErrorMessage(message string) {
 
 // FlashErrorMessage returns the error flash message and remove it.
 func (c *Context) FlashErrorMessage() string {
-	message := c.getContextStringValue(middleware.FlashMessageContextKey)
+	message := c.getContextStringValue(middleware.FlashErrorMessageContextKey)
 	c.store.UpdateSessionField(c.SessionID(), "flash_error_message", "")
 	return message
 }

server/ui/controller/controller.go

@@ -44,11 +44,12 @@ func (c *Controller) getCommonTemplateArgs(ctx *core.Context) (tplParams, error)
 	}
 
 	params := tplParams{
-		"menu":         "",
-		"user":         user,
-		"countUnread":  countUnread,
-		"csrf":         ctx.CSRF(),
-		"flashMessage": ctx.FlashMessage(),
+		"menu":              "",
+		"user":              user,
+		"countUnread":       countUnread,
+		"csrf":              ctx.CSRF(),
+		"flashMessage":      ctx.FlashMessage(),
+		"flashErrorMessage": ctx.FlashErrorMessage(),
 	}
 	return params, nil
 }

server/ui/controller/oauth2.go

@@ -71,7 +71,20 @@ func (c *Controller) OAuth2Callback(ctx *core.Context, request *core.Request, re
 	}
 
 	if ctx.IsAuthenticated() {
-		user := ctx.LoggedUser()
+		user, err := c.store.UserByExtraField(profile.Key, profile.ID)
+		if err != nil {
+			response.HTML().ServerError(err)
+			return
+		}
+
+		if user != nil {
+			logger.Error("[OAuth2] User #%d cannot be associated because %s is already associated", ctx.UserID(), user.Username)
+			ctx.SetFlashErrorMessage(ctx.Translate("There is already someone associated with this provider!"))
+			response.Redirect(ctx.Route("settings"))
+			return
+		}
+
+		user = ctx.LoggedUser()
 		if err := c.store.UpdateExtraField(user.ID, profile.Key, profile.ID); err != nil {
 			response.HTML().ServerError(err)
 			return