From a2a0ea2e1a041f10f0195460324660d54f0c0da7 Mon Sep 17 00:00:00 2001
From: Claire
Date: Fri, 9 Feb 2024 14:38:32 +0100
Subject: [PATCH] Prevent different identities from a same SSO provider from accessing a same account
---
 app/models/concerns/user/omniauthable.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/concerns/user/omniauthable.rb b/app/models/concerns/user/omniauthable.rb
index 113bfda230..10baa890d8 100644
--- a/app/models/concerns/user/omniauthable.rb
+++ b/app/models/concerns/user/omniauthable.rb
@@ -51,7 +51,7 @@ module User::Omniauthable
 user = User.find_by(email: email) if email_is_verified
- return user unless user.nil?
+ return user unless user.nil? && !Identity.exists?(provider: auth.provider, user_id: user.id)
 user = User.new(user_params_from_auth(email, auth))
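Review bot: The new guard on the `return user unless …` line does not enforce the check as written: `&&` short-circuits whenever `user` is present, so an existing account is still returned without consulting `Identity`, and when `user` is nil the right-hand side calls `user.id` on nil and raises `NoMethodError`. To match the commit title the condition would need to be `return user unless user.nil? || Identity.exists?(provider: auth.provider, user_id: user.id)`. With that form, a matched account that already has an identity from this provider falls through to `User.new(user_params_from_auth(email, auth))` with the same email, which presumably fails on email uniqueness later in the method (the body continues outside this hunk); an explicit rejection with a logged warning would make the refusal deliberate and visible to operators. A spec covering two different uids from one provider with the same verified email would pin this behaviour.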