diff --git a/server/lib/guest-accounts.ts b/server/lib/guest-accounts.ts index 43c0e612367..a71237e0b31 100644 --- a/server/lib/guest-accounts.ts +++ b/server/lib/guest-accounts.ts @@ -83,11 +83,13 @@ export const getOrCreateGuestProfile = async ( transaction, include: [{ association: 'location' }], }); - if (!user.confirmedAt) { - const newLegalName = legalName || collective.legalName; - const newValues = { name, location, legalName: newLegalName }; - collective = await updateCollective(collective, newValues, transaction); + if (user.confirmedAt) { + throw new BadRequest('There is already an account associated with this email, please sign in.'); } + + const newLegalName = legalName || collective.legalName; + const newValues = { name, location, legalName: newLegalName }; + collective = await updateCollective(collective, newValues, transaction); } // Create the public guest profile diff --git a/test/server/graphql/v2/mutation/OrderMutations.test.ts b/test/server/graphql/v2/mutation/OrderMutations.test.ts index 929f28bd092..dd6e90c08f5 100644 --- a/test/server/graphql/v2/mutation/OrderMutations.test.ts +++ b/test/server/graphql/v2/mutation/OrderMutations.test.ts @@ -645,7 +645,7 @@ describe('server/graphql/v2/mutation/OrderMutations', () => { expect(order2.status).to.eq('PAID'); }); - it('Works with an email that already exists (verified)', async () => { + it('Does not work with an email that already exists if verified', async () => { const user = await fakeUser({ confirmedAt: new Date() }); const orderData = { ...validOrderParams, @@ -656,14 +656,10 @@ describe('server/graphql/v2/mutation/OrderMutations', () => { }, }; const result = await callCreateOrder({ order: orderData }); - result.errors && console.error(result.errors); - expect(result.errors).to.not.exist; - - const order = result.data.createOrder.order; - expect(order.fromAccount.legacyId).to.eq(user.CollectiveId); - expect(order.fromAccount.isGuest).to.eq(false); - expect(order.paymentMethod.account.id).to.eq(order.fromAccount.id); - expect(order.status).to.eq('PAID'); + expect(result.errors).to.exist; + expect(result.errors[0].message).to.equal( + 'There is already an account associated with this email, please sign in.', + ); }); it('If the account already exists, cannot use an existing payment method', async () => { diff --git a/test/server/lib/guest-accounts.test.ts b/test/server/lib/guest-accounts.test.ts index 50b052d401d..bcfff9e8291 100644 --- a/test/server/lib/guest-accounts.test.ts +++ b/test/server/lib/guest-accounts.test.ts @@ -37,13 +37,11 @@ describe('server/lib/guest-accounts.ts', () => { expect(user.data.creationRequest['userAgent']).to.eq('TestUserAgent'); }); - it('Works even if a verified account already exists for this email, but does not update the profile', async () => { + it('Does not work if there is a verified account for this email', async () => { const user = await fakeUser({ confirmedAt: new Date() }); - const { collective } = await getOrCreateGuestProfile({ email: user.email, name: 'TOTO' }); - expect(collective).to.exist; - expect(collective.id).to.eq(user.CollectiveId); - expect(collective.name).to.eq(user.collective.name); - expect(collective.name).to.not.eq('TOTO'); + await expect(getOrCreateGuestProfile({ email: user.email, name: 'TOTO' })).to.be.rejectedWith( + 'There is already an account associated with this email, please sign in.', + ); }); it('Re-use the same profile if a non-verified account already exists', async () => {