From 7528f509be5fcbd5e688b65902895f55f876e457 Mon Sep 17 00:00:00 2001
From: Joel Butcher
Date: Wed, 24 Jul 2024 18:26:04 +0100
Subject: [PATCH] Fix RedirectIfTwoFactorAuthenticatable::validateCredentials and registration login / error
---
 src/Actions/AuthenticateOAuthCallback.php | 31 ++++++++++---------
 .../RedirectIfTwoFactorAuthenticatable.php | 8 +++--
 src/Http/Responses/OAuthFailedResponse.php | 2 +-
 3 files changed, 23 insertions(+), 18 deletions(-)
diff --git a/src/Actions/AuthenticateOAuthCallback.php b/src/Actions/AuthenticateOAuthCallback.php
index b456586..ffbd3f5 100644
--- a/src/Actions/AuthenticateOAuthCallback.php
+++ b/src/Actions/AuthenticateOAuthCallback.php
@@ -48,12 +48,11 @@ class AuthenticateOAuthCallback implements AuthenticatesOAuthCallback
 * Create a new controller instance.
 */
 public function __construct(
- protected StatefulGuard $guard,
- protected CreatesUserFromProvider $createsUser,
+ protected StatefulGuard $guard,
+ protected CreatesUserFromProvider $createsUser,
 protected CreatesConnectedAccounts $createsConnectedAccounts,
 protected UpdatesConnectedAccounts $updatesConnectedAccounts
- )
- {
+ ) {
 //
 }
@@ -85,7 +84,7 @@ public function authenticate(string $provider, ProviderUser $providerAccount): S
 // If a user exists, check the features to make sure we can link unlinked existing users.
 if ($user) {
- if (!Features::authenticatesExistingUnlinkedUsers()) {
+ if (! Features::authenticatesExistingUnlinkedUsers()) {
 // If we cannot link, return an error asking the user to log in to link their account.
 return $this->oauthFailed(
 error: __('An account already exists with the same email address. Please log in to connect your :provider account.', ['provider' => Providers::name($provider)]),
@@ -108,17 +107,21 @@ public function authenticate(string $provider, ProviderUser $providerAccount): S
 }
 // If a user does not exist for the provider account, check if registration is supported.
- if (! $this->canRegister()) {
- // If registration is not supported, return an error.
- return $this->oauthFailed(
- error: __('Registration is disabled.'),
- provider: $provider,
- providerAccount: $providerAccount,
- );
+ if ($this->canRegister()) {
+ // If registration is supported, register the user.
+ return $this->register($provider, $providerAccount);
 }
- // Otherwise, register the user.
- return $this->register($provider, $providerAccount);
+ // Otherwise, return an error.
+ $error = Route::has('login') && Session::get('socialstream.previous_url') === route('login')
+ ? __('Account not found, please register to create an account.')
+ : __('Registration is disabled.');
+
+ return $this->oauthFailed(
+ error: $error,
+ provider: $provider,
+ providerAccount: $providerAccount,
+ );
 }
 /**
diff --git a/src/Actions/RedirectIfTwoFactorAuthenticatable.php b/src/Actions/RedirectIfTwoFactorAuthenticatable.php
index 24d285a..2896763 100644
--- a/src/Actions/RedirectIfTwoFactorAuthenticatable.php
+++ b/src/Actions/RedirectIfTwoFactorAuthenticatable.php
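Review bot: In `authenticate()` in src/Actions/AuthenticateOAuthCallback.php, the new error text is selected by an exact `===` match between `Session::get('socialstream.previous_url')` and `route('login')`, so a login URL that carries a query string, or differs in scheme, host or trailing slash, falls through to 'Registration is disabled.' even though the user did come from the login page. The 'please register' wording is also only ever produced after `canRegister()` has returned false; how that method decides is outside the hunk, so confirm that registration is still reachable from the register page in this state, otherwise the message points the user at a form that will refuse them. A short comment above the ternary would record the intent, for example `// Came from the login page: no account is linked to this provider identity yet`. The diffstat shows no test files, so neither message branch is exercised by this commit, and since the hunk adds no `use` line, `Route` and `Session` must already be imported in this file.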
@@ -26,12 +26,14 @@ protected function validateCredentials($request)
 $socialUser = app(ResolvesSocialiteUsers::class)
 ->resolve($request->route('provider'));
- return tap(Socialstream::$userModel::where('email', $socialUser->getEmail())->first(), function ($user) use ($request, $socialUser) {
- if (! $user || ! Socialstream::$connectedAccountModel::where('email', $socialUser->getEmail())->first()) {
- $this->fireFailedEvent($request, $user);
+ $connectedAccount = tap(Socialstream::$connectedAccountModel::where('email', $socialUser->getEmail())->first(), function ($connectedAccount) use ($request, $socialUser) {
+ if (! $connectedAccount) {
+ $this->fireFailedEvent($request, $connectedAccount->user);
 $this->throwFailedAuthenticationException($request);
 }
 });
+
+ return $connectedAccount->user;
 }
 }
diff --git a/src/Http/Responses/OAuthFailedResponse.php b/src/Http/Responses/OAuthFailedResponse.php
index 75614d3..48d3b3c 100644
--- a/src/Http/Responses/OAuthFailedResponse.php
+++ b/src/Http/Responses/OAuthFailedResponse.php
@@ -6,7 +6,7 @@
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
 use JoelButcher\Socialstream\Concerns\InteractsWithComposer;
-use JoelButcher\Socialstream\Contracts\OAuthLoginFailedResponse as OAuthFailedResponseContract;
+use JoelButcher\Socialstream\Contracts\OAuthFailedResponse as OAuthFailedResponseContract;
 use JoelButcher\Socialstream\Socialstream;
 class OAuthFailedResponse implements OAuthFailedResponseContract
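Review bot: In `validateCredentials()` in src/Actions/RedirectIfTwoFactorAuthenticatable.php, the failure branch reads `$connectedAccount->user` inside `if (! $connectedAccount)`, where the variable is known to be null; on PHP 8 that raises a warning, which Laravel's default error handling turns into an ErrorException, so the failed-login event and `throwFailedAuthenticationException()` are likely never reached and the request ends in a server error instead of a clean authentication failure. Pass null explicitly, as the old code could already do, with `$this->fireFailedEvent($request, null);`, and drop the now unused `$socialUser` from the closure's `use` list. The lookup also still identifies the account by `where('email', $socialUser->getEmail())` alone: it is not scoped to the provider in `$request->route('provider')` or to the provider's account id from `$socialUser->getId()`, and when a provider returns no email the query builder turns the null value into an IS NULL match, so an unrelated connected account can be selected as the user to challenge. I would reject a null or empty email before querying and match on provider plus provider account id, using whatever columns the connected-account model stores them in. The function's signature and opening brace are outside the hunk, so what callers expect when the `user` relation is missing could not be checked.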