diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py index 7b1e115e09a7..3b23ed78f0d6 100644 --- a/authentik/core/sources/flow_manager.py +++ b/authentik/core/sources/flow_manager.py @@ -129,6 +129,11 @@ def get_action(self, **kwargs) -> tuple[Action, UserSourceConnection | None]: # ) new_connection.user = self.request.user new_connection = self.update_user_connection(new_connection, **kwargs) + if existing := self.user_connection_type.objects.filter( + source=self.source, identifier=self.identifier + ).first(): + existing = self.update_user_connection(existing) + return Action.AUTH, existing return Action.LINK, new_connection action, connection = self.matcher.get_user_action(self.identifier, self.user_properties) diff --git a/authentik/core/tests/test_source_flow_manager.py b/authentik/core/tests/test_source_flow_manager.py index bcd38449c6b9..c9346fce85af 100644 --- a/authentik/core/tests/test_source_flow_manager.py +++ b/authentik/core/tests/test_source_flow_manager.py @@ -81,6 +81,22 @@ def test_authenticated_link(self): reverse("authentik_core:if-user") + "#/settings;page-sources", ) + def test_authenticated_auth(self): + """Test authenticated user linking""" + user = User.objects.create(username="foo", email="foo@bar.baz") + UserOAuthSourceConnection.objects.create( + user=user, source=self.source, identifier=self.identifier + ) + request = get_request("/", user=user) + flow_manager = OAuthSourceFlowManager( + self.source, request, self.identifier, {"info": {}}, {} + ) + action, connection = flow_manager.get_action() + self.assertEqual(action, Action.AUTH) + self.assertIsNotNone(connection.pk) + response = flow_manager.get_flow() + self.assertEqual(response.status_code, 302) + def test_unauthenticated_link(self): """Test un-authenticated user linking""" flow_manager = OAuthSourceFlowManager(