From c75ac60b0b5481676a9befd4d58001f94ee529c4 Mon Sep 17 00:00:00 2001
From: nikita
Date: Thu, 26 Dec 2024 15:47:38 +0300
Subject: [PATCH] sec: add verification for OAuth authorization
---
 Security/Services/AuthService.cs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/Security/Services/AuthService.cs b/Security/Services/AuthService.cs
index 97592b7..25234f9 100644
--- a/Security/Services/AuthService.cs
+++ b/Security/Services/AuthService.cs
@@ -183,8 +183,18 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
 public Task LoginOAuthAsync(CookieOptions cookieOptions,
 HttpContext context,
 User user,
- CancellationToken cancellation = default) =>
- LoginAsync(cookieOptions, context, user, cancellation);
+ OAuthUser oAuthUser,
+ OAuthProvider provider,
+ CancellationToken cancellation = default)
+ {
+ if (user.OAuthProviders == null || !user.OAuthProviders.TryGetValue(provider, out var value))
+ throw new SecurityException($"This provider '{Enum.GetName(provider)}' is not linked to the account.");
+ if (value.Id != oAuthUser.Id)
+ throw new SecurityException("This account was not linked");
+ return LoginAsync(cookieOptions, context, user, cancellation);
+ }
 public async Task LoginAsync(CookieOptions cookieOptions,
 HttpContext context,
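Review bot: The identity comparison `value.Id != oAuthUser.Id` in the new body of LoginOAuthAsync passes when both sides are null or empty, so a linked record with no stored id and a provider response whose id was never populated would count as a match and reach LoginAsync. The type of Id is not visible in this hunk; if it is a string, reject empty values before comparing, e.g. `if (string.IsNullOrEmpty(oAuthUser.Id) || !string.Equals(value.Id, oAuthUser.Id, StringComparison.Ordinal))`. The two SecurityException messages also differ, so if the message text is returned to the client it reveals which providers are linked to an account; keeping that detail in the log and returning one generic failure avoids this. The method assumes the caller has already validated oAuthUser against the same provider, which is worth stating in an XML doc comment such as `/// <remarks>oAuthUser must come from a verified response of provider.</remarks>`.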