X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7ea3065904e73e024f9028c787c86e4bbe861ff7..14baeb15c9a703a7c7b5c36b2ddcbf44c35c4c7a:/services/api/app/controllers/user_sessions_controller.rb

diff --git a/services/api/app/controllers/user_sessions_controller.rb b/services/api/app/controllers/user_sessions_controller.rb
index eaaf7b5b93..3ac47d46cf 100644
--- a/services/api/app/controllers/user_sessions_controller.rb
+++ b/services/api/app/controllers/user_sessions_controller.rb
@@ -20,6 +20,22 @@ class UserSessionsController < ApplicationController
     end
 
     user = User.find_by_identity_url(omniauth['info']['identity_url'])
+    if not user
+      # Check for permission to log in to an existing User record with
+      # a different identity_url
+      Link.where(link_class: 'permission',
+                 name: 'can_login',
+                 tail_kind: 'email',
+                 tail_uuid: omniauth['info']['email'],
+                 head_kind: 'arvados#user').each do |link|
+        if prefix = link.properties[:identity_url_prefix]
+          if prefix == omniauth['info']['identity_url'][0..prefix.size-1]
+            user = User.find_by_uuid(link.head_uuid)
+            break if user
+          end
+        end
+      end
+    end
     if not user
       # New user registration
       user = User.new(:email => omniauth['info']['email'],
@@ -31,6 +47,10 @@ class UserSessionsController < ApplicationController
       user.email = omniauth['info']['email']
       user.first_name = omniauth['info']['first_name']
       user.last_name = omniauth['info']['last_name']
+      if user.identity_url.nil?
+        # First login to a pre-activated account
+        user.identity_url = omniauth['info']['identity_url']
+      end
     end
 
     # prevent ArvadosModel#before_create and _update from throwing