enhancement(Guest): prevent contributing from verified accounts (#9890)

opencollective · Mar 1, 2024 · 0bb7a93 · 0bb7a93
1 parent e410dd8
commit 0bb7a93
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 19 deletions.
diff --git a/server/lib/guest-accounts.ts b/server/lib/guest-accounts.ts
@@ -83,11 +83,13 @@ export const getOrCreateGuestProfile = async (
         transaction,
         include: [{ association: 'location' }],
       });
-      if (!user.confirmedAt) {
-        const newLegalName = legalName || collective.legalName;
-        const newValues = { name, location, legalName: newLegalName };
-        collective = await updateCollective(collective, newValues, transaction);
+      if (user.confirmedAt) {
+        throw new BadRequest('There is already an account associated with this email, please sign in.');
       }
+
+      const newLegalName = legalName || collective.legalName;
+      const newValues = { name, location, legalName: newLegalName };
+      collective = await updateCollective(collective, newValues, transaction);
     }
 
     // Create the public guest profile

diff --git a/test/server/graphql/v2/mutation/OrderMutations.test.ts b/test/server/graphql/v2/mutation/OrderMutations.test.ts
@@ -645,7 +645,7 @@ describe('server/graphql/v2/mutation/OrderMutations', () => {
           expect(order2.status).to.eq('PAID');
         });
 
-        it('Works with an email that already exists (verified)', async () => {
+        it('Does not work with an email that already exists if verified', async () => {
           const user = await fakeUser({ confirmedAt: new Date() });
           const orderData = {
             ...validOrderParams,
@@ -656,14 +656,10 @@ describe('server/graphql/v2/mutation/OrderMutations', () => {
             },
           };
           const result = await callCreateOrder({ order: orderData });
-          result.errors && console.error(result.errors);
-          expect(result.errors).to.not.exist;
-
-          const order = result.data.createOrder.order;
-          expect(order.fromAccount.legacyId).to.eq(user.CollectiveId);
-          expect(order.fromAccount.isGuest).to.eq(false);
-          expect(order.paymentMethod.account.id).to.eq(order.fromAccount.id);
-          expect(order.status).to.eq('PAID');
+          expect(result.errors).to.exist;
+          expect(result.errors[0].message).to.equal(
+            'There is already an account associated with this email, please sign in.',
+          );
         });
 
         it('If the account already exists, cannot use an existing payment method', async () => {

diff --git a/test/server/lib/guest-accounts.test.ts b/test/server/lib/guest-accounts.test.ts
@@ -37,13 +37,11 @@ describe('server/lib/guest-accounts.ts', () => {
       expect(user.data.creationRequest['userAgent']).to.eq('TestUserAgent');
     });
 
-    it('Works even if a verified account already exists for this email, but does not update the profile', async () => {
+    it('Does not work if there is a verified account for this email', async () => {
       const user = await fakeUser({ confirmedAt: new Date() });
-      const { collective } = await getOrCreateGuestProfile({ email: user.email, name: 'TOTO' });
-      expect(collective).to.exist;
-      expect(collective.id).to.eq(user.CollectiveId);
-      expect(collective.name).to.eq(user.collective.name);
-      expect(collective.name).to.not.eq('TOTO');
+      await expect(getOrCreateGuestProfile({ email: user.email, name: 'TOTO' })).to.be.rejectedWith(
+        'There is already an account associated with this email, please sign in.',
+      );
     });
 
     it('Re-use the same profile if a non-verified account already exists', async () => {