From 176c2441a4920a9c434d22b8e53c703b0d753986 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 8 Sep 2025 10:32:13 +0200
Subject: [PATCH 1/2] Fix oauth identity check
---
 app/controllers/api/account.php | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 7f76e39cd9..84f89f57b8 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1534,23 +1534,23 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 * Is verified is not used yet, since we don't know after an account is created anymore if it was verified or not.
 */
 $isVerified = $oauth2->isEmailVerified($accessToken);
-
- $userWithEmail = $dbForProject->findOne('users', [
- Query::equal('email', [$email]),
+
+ $identity = $dbForProject->findOne('identities', [
+ Query::equal('provider', [$provider]),
+ Query::equal('providerUid', [$oauth2ID]),
 ]);
- if (!$userWithEmail->isEmpty()) {
- $user->setAttributes($userWithEmail->getArrayCopy());
+
+ if (!$identity->isEmpty()) {
+ $user = $dbForProject->getDocument('users', $identity->getAttribute('userId'));
 }
 // If user is not found, check if there is an identity with the same provider user ID
 if ($user === false || $user->isEmpty()) {
- $identity = $dbForProject->findOne('identities', [
- Query::equal('provider', [$provider]),
- Query::equal('providerUid', [$oauth2ID]),
+ $userWithEmail = $dbForProject->findOne('users', [
+ Query::equal('email', [$email]),
 ]);
-
- if (!$identity->isEmpty()) {
- $user = $dbForProject->getDocument('users', $identity->getAttribute('userId'));
+ if (!$userWithEmail->isEmpty()) {
+ $user->setAttributes($userWithEmail->getArrayCopy());
 }
 }
From c31a18934025dc17c55f3c3cb4e858dd846ab8ea Mon Sep 17 00:00:00 2001
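Review bot: The email fallback inside `if ($user === false || $user->isEmpty())` still binds the OAuth login to an existing user on an address match alone, without consulting `$isVerified`, which the context lines compute and whose comment says it is not used yet. With the identity lookup now running first, this branch is reached only when the provider account has no usable identity row, so it is the one place where an address the provider has not confirmed could resolve to someone else's account. Unless code outside this hunk already rejects that case, consider gating the link, e.g. `if ($isVerified && !$userWithEmail->isEmpty()) {`. The comment above the branch is also stale after the swap and should read something like `// No identity for this provider UID: fall back to a user with the same email`. The route handler starts and ends outside the hunk, so what happens to a login that matches neither lookup is not visible here.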
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Mon, 8 Sep 2025 11:34:46 +0200
Subject: [PATCH 2/2] Linter fix
---
 app/controllers/api/account.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 84f89f57b8..8aaa5283c4 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1534,7 +1534,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 * Is verified is not used yet, since we don't know after an account is created anymore if it was verified or not.
 */
 $isVerified = $oauth2->isEmailVerified($accessToken);
-
+
 $identity = $dbForProject->findOne('identities', [
 Query::equal('provider', [$provider]),
 Query::equal('providerUid', [$oauth2ID]),