From a178dbfc4bfa08fe8e7e17a76ece1eeced505b2d Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Sun, 25 Feb 2024 03:04:35 +1300
Subject: [PATCH] Allow existing session when upgrading from anonymous to oauth
---
 app/controllers/api/account.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 397ead456f..e15e13baa0 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -558,7 +558,11 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 ->inject('queueForEvents')
 ->action(function (string $provider, string $code, string $state, string $error, string $error_description, Request $request, Response $response, Document $project, Document $user, Database $dbForProject, Reader $geodb, Event $queueForEvents) use ($oauthDefaultSuccess) {
 if (!$user->isEmpty()) {
- throw new Exception(Exception::USER_SESSION_ALREADY_EXISTS);
+ $current = $user->find('current', true, 'sessions');
+
+ if ($current && $current->getAttribute('provider') !== Auth::SESSION_PROVIDER_ANONYMOUS) {
+ throw new Exception(Exception::USER_SESSION_ALREADY_EXISTS);
+ }
 }

 $protocol = $request->getProtocol();
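Review bot: The new guard fails open when no session is flagged as current: `if ($current && ...)` skips the throw whenever `$user->find('current', true, 'sessions')` returns nothing, so a signed-in non-anonymous user would continue into the OAuth callback instead of getting `USER_SESSION_ALREADY_EXISTS`. Whether `current` is actually populated on the session documents at this point is not visible in the hunk; if it is only set when sessions are listed, the check never fires and the original protection is effectively removed. A fail-closed form would be `if (!$current || $current->getAttribute('provider') !== Auth::SESSION_PROVIDER_ANONYMOUS) {`, ideally with the current session resolved from the request's verified session rather than a stored flag. The action closure continues past the end of the hunk, so how the anonymous account is linked to the OAuth identity (and whether the old anonymous session is invalidated) should be confirmed there, along with a short comment explaining why anonymous sessions are exempt.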