sec: add verification for OAuth authorization

2024-12-26 15:47:38 +03:00 · 2024-12-26 15:47:38 +03:00 · c75ac60b0b
commit c75ac60b0b
parent 5b7412f20f
1 changed files with 12 additions and 2 deletions
--- a/Security/Services/AuthService.cs
+++ b/Security/Services/AuthService.cs
@ -183,8 +183,18 @@ public class AuthService(ICacheService cache, IAccessToken accessTokenService, I
    public Task<TwoFactorAuthenticator> LoginOAuthAsync(CookieOptions cookieOptions,
        HttpContext context,
        User user,
-        CancellationToken cancellation = default) =>
-            LoginAsync(cookieOptions, context, user, cancellation);
+        OAuthUser oAuthUser,
+        OAuthProvider provider,
+        CancellationToken cancellation = default)
+    {
+        if (user.OAuthProviders == null || !user.OAuthProviders.TryGetValue(provider, out var value))
+            throw new SecurityException($"This provider '{Enum.GetName(provider)}' is not linked to the account.");
+
+        if (value.Id != oAuthUser.Id)
+            throw new SecurityException("This account was not linked");
+
+        return LoginAsync(cookieOptions, context, user, cancellation);
+    }

    public async Task<TwoFactorAuthenticator> LoginAsync(CookieOptions cookieOptions,
        HttpContext context,