Always apply attributes from token when registering

The change introduced in #1033 transformed any identification attribute returned from an OAuth provider to just a default value. When the identification attribute used by the provider is the email or username, this allowed the user to supply a different email or username and still getting an already-enabled account with the credentials he entered. Skipping attributes with an existing value makes no sense here because it's a always a fresh user and values from AbstractOAuth2Controller::getIdentification() should always be enforced.
2024-12-02 06:53:47 +08:00 · 2018-01-06 19:57:56 +10:30 · 2018-01-06 19:57:56 +10:30 · 31b925164c
commit 31b925164c
parent 140ae49369
1 changed files with 1 additions and 3 deletions
--- a/framework/core/src/Core/Command/RegisterUserHandler.php
+++ b/framework/core/src/Core/Command/RegisterUserHandler.php
@ -116,9 +116,7 @@ class RegisterUserHandler
        // from the get-go.
        if (isset($token)) {
            foreach ($token->payload as $k => $v) {
-                if (in_array($user->$k, ['', null], true)) {
-                    $user->$k = $v;
-                }
+                $user->$k = $v;
            }

            if (isset($token->payload['email'])) {