From 01fc5eb4ce1011f257465f7e5563aacd98e4db21 Mon Sep 17 00:00:00 2001
From: "Jens L." <jens@goauthentik.io>
Date: Tue, 19 Nov 2024 18:27:04 +0100
Subject: [PATCH] core: fix source_flow_manager throwing error when
 authenticated user attempts to re-authenticate with existing link (#12080)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/core/sources/flow_manager.py           |  5 +++++
 authentik/core/tests/test_source_flow_manager.py | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/authentik/core/sources/flow_manager.py b/authentik/core/sources/flow_manager.py
index 7b1e115e09a7..3b23ed78f0d6 100644
--- a/authentik/core/sources/flow_manager.py
+++ b/authentik/core/sources/flow_manager.py
@@ -129,6 +129,11 @@ def get_action(self, **kwargs) -> tuple[Action, UserSourceConnection | None]:  #
             )
             new_connection.user = self.request.user
             new_connection = self.update_user_connection(new_connection, **kwargs)
+            if existing := self.user_connection_type.objects.filter(
+                source=self.source, identifier=self.identifier
+            ).first():
+                existing = self.update_user_connection(existing)
+                return Action.AUTH, existing
             return Action.LINK, new_connection
 
         action, connection = self.matcher.get_user_action(self.identifier, self.user_properties)
diff --git a/authentik/core/tests/test_source_flow_manager.py b/authentik/core/tests/test_source_flow_manager.py
index bcd38449c6b9..c9346fce85af 100644
--- a/authentik/core/tests/test_source_flow_manager.py
+++ b/authentik/core/tests/test_source_flow_manager.py
@@ -81,6 +81,22 @@ def test_authenticated_link(self):
             reverse("authentik_core:if-user") + "#/settings;page-sources",
         )
 
+    def test_authenticated_auth(self):
+        """Test authenticated user linking"""
+        user = User.objects.create(username="foo", email="foo@bar.baz")
+        UserOAuthSourceConnection.objects.create(
+            user=user, source=self.source, identifier=self.identifier
+        )
+        request = get_request("/", user=user)
+        flow_manager = OAuthSourceFlowManager(
+            self.source, request, self.identifier, {"info": {}}, {}
+        )
+        action, connection = flow_manager.get_action()
+        self.assertEqual(action, Action.AUTH)
+        self.assertIsNotNone(connection.pk)
+        response = flow_manager.get_flow()
+        self.assertEqual(response.status_code, 302)
+
     def test_unauthenticated_link(self):
         """Test un-authenticated user linking"""
         flow_manager = OAuthSourceFlowManager(