From 34a993fcc6d6667036b1e7118663c5a535a208f4 Mon Sep 17 00:00:00 2001
From: diced
Date: Wed, 8 Jan 2025 12:46:41 -0800
Subject: [PATCH] fix: oauth vulnerability
---
 src/lib/middleware/withOAuth.ts | 23 ++---------------------
 1 file changed, 2 insertions(+), 21 deletions(-)
diff --git a/src/lib/middleware/withOAuth.ts b/src/lib/middleware/withOAuth.ts
index e6e6f14f3..0bc57c5c7 100644
--- a/src/lib/middleware/withOAuth.ts
+++ b/src/lib/middleware/withOAuth.ts
@@ -67,26 +67,7 @@ export const withOAuth =
 },
 });
 } catch (e) {
- logger.debug(`Failed to find existing oauth. Using fallback. ${e}`);
- if (e.code === 'P2022' || e.code === 'P2025') {
- const existing = await prisma.user.findFirst({
- where: {
- oauth: {
- some: {
- provider: provider.toUpperCase() as OauthProviders,
- username: oauth_resp.username,
- },
- },
- },
- include: {
- oauth: true,
- },
- });
- existingOauth = existing?.oauth?.find((o) => o.provider === provider.toUpperCase());
- if (existingOauth) existingOauth.fallback = true;
- } else {
- logger.error(`Failed to find existing oauth. ${e}`);
- }
+ logger.error(`Failed to find existing oauth, this likely will result in a failure: ${e}`);
 }
 const existingUser = await prisma.user.findFirst({
@@ -157,7 +138,7 @@ export const withOAuth =
 logger.info(`User ${user.username} (${user.id}) logged in via oauth(${provider})`);
 return res.redirect('/dashboard');
- } else if ((existingOauth && existingOauth.fallback) || existingOauth) {
+ } else if (existingOauth) {
 await prisma.oAuth.update({
 where: {
 id: existingOauth?.id,
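Review bot: The catch block in the first hunk still falls through after `logger.error`, so execution reaches the `existingUser` lookup with `existingOauth` unset and a database error is handled the same way as "no linked account". The new message itself expects a failure, so it would be safer to fail closed and end the catch by returning the handler's existing OAuth error response (that helper is not visible in this hunk) instead of continuing the login flow. To keep the removed fallback from being reintroduced, I would add a comment above the catch: `// Do not fall back to matching on oauth_resp.username: a provider username is not a stable, unique identity.` The try block and the rest of withOAuth lie outside the hunk, so what the remaining lookup keys on is not confirmed here.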
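Review bot: In the second hunk the optional chaining in `id: existingOauth?.id` is dead now that the branch is guarded by `else if (existingOauth)`, and it would mask a missing record if the guard were ever loosened. Prisma generally treats an `undefined` value in a `where` clause as "not specified" rather than as a mismatch, so an update should never be given a possibly-undefined id. Writing `id: existingOauth.id` makes the dependency on a definite row explicit and fails loudly otherwise. The `prisma.oAuth.update` call continues past the end of the hunk, so the fields being written are not visible here.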