Fix issue with only one access token per inapp purchase

Check looking at existing user's access token didn't include device token condition. In case device 2 wanted to claim the purchase (via restore purchase), access token of device 1 was overwritten and device 1 lost the access to inapp purchase.
remp2020 · Sep 29, 2020 · cb4ffa3 · cb4ffa3
1 parent bb62ec0
commit cb4ffa3
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/api/VerifyPurchaseApiHandler.php b/src/api/VerifyPurchaseApiHandler.php
@@ -487,6 +487,7 @@ private function pairUserWithAuthorizedToken(UserTokenAuthorization $authorizati
         if ($deviceToken) {
             $accessToken = $this->accessTokensRepository
                 ->allUserTokensBySource($user->id, GooglePlayBillingModule::USER_SOURCE_APP)
+                ->where('device_token_id = ?', $deviceToken->id)
                 ->limit(1)
                 ->fetch();
             if (!$accessToken) {