From 53ec794e5398dfc7b62d4a5c8138af41597784b6 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Sat, 26 Sep 2020 16:43:06 +0100
Subject: [PATCH] Fixed issue where SAML login not notifiy on existing user

Added testing to cover

Fixes #2263
---
 app/Auth/Access/RegistrationService.php |  2 +-
 tests/Auth/Saml2Test.php                | 27 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/app/Auth/Access/RegistrationService.php b/app/Auth/Access/RegistrationService.php
index b85f7ffd8..ecc92c117 100644
--- a/app/Auth/Access/RegistrationService.php
+++ b/app/Auth/Access/RegistrationService.php
@@ -57,7 +57,7 @@ class RegistrationService
         // Ensure user does not already exist
         $alreadyUser = !is_null($this->userRepo->getByEmail($userEmail));
         if ($alreadyUser) {
-            throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]));
+            throw new UserRegistrationException(trans('errors.error_user_exists_different_creds', ['email' => $userEmail]), '/login');
         }
 
         // Create the user
diff --git a/tests/Auth/Saml2Test.php b/tests/Auth/Saml2Test.php
index 7303d4bd8..d58162497 100644
--- a/tests/Auth/Saml2Test.php
+++ b/tests/Auth/Saml2Test.php
@@ -319,6 +319,33 @@ class Saml2Test extends TestCase
         $homeGet->assertRedirect('/register/confirm/awaiting');
     }
 
+    public function test_login_where_existing_non_saml_user_shows_warning()
+    {
+        $this->post('/saml2/login');
+        config()->set(['saml2.onelogin.strict' => false]);
+
+        // Make the user pre-existing in DB with different auth_id
+        User::query()->forceCreate([
+            'email' => 'user@example.com',
+            'external_auth_id' => 'old_system_user_id',
+            'email_confirmed' => false,
+            'name' => 'Barry Scott'
+        ]);
+
+        $this->withPost(['SAMLResponse' => $this->acsPostData], function () {
+            $acsPost = $this->post('/saml2/acs');
+            $acsPost->assertRedirect('/login');
+            $this->assertFalse($this->isAuthenticated());
+            $this->assertDatabaseHas('users', [
+                'email' => 'user@example.com',
+                'external_auth_id' => 'old_system_user_id',
+            ]);
+
+            $loginGet = $this->get('/login');
+            $loginGet->assertSee("A user with the email user@example.com already exists but with different credentials");
+        });
+    }
+
     protected function withGet(array $options, callable $callback)
     {
         return $this->withGlobal($_GET, $options, $callback);