Merge pull request #4494 from LibreSign/backport/4490/stable29

[stable29] fix: logout if is using different account
LibreSign · Jan 28, 2025 · fb0966f · fb0966f
2 parents ab8cefb + ed4b3a5
commit fb0966f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 5 deletions.
diff --git a/lib/Service/IdentifyMethod/Email.php b/lib/Service/IdentifyMethod/Email.php
@@ -97,9 +97,14 @@ protected function throwIfNeedToCreateAccount(): void {
 			]));
 		}
 		$signRequest = $this->identifyService->getSignRequestMapper()->getById($this->getEntity()->getSignRequestId());
+		$errors = [$this->identifyService->getL10n()->t('User already exists. Please login.')];
+		if ($this->userSession->isLoggedIn()) {
+			$errors[] = $this->identifyService->getL10n()->t('This is not your file');
+			$this->userSession->logout();
+		}
 		throw new LibresignException(json_encode([
 			'action' => JSActions::ACTION_REDIRECT,
-			'errors' => [$this->identifyService->getL10n()->t('User already exists. Please login.')],
+			'errors' => $errors,
 			'redirect' => $this->identifyService->getUrlGenerator()->linkToRoute('core.login.showLoginForm', [
 				'redirect_url' => $this->identifyService->getUrlGenerator()->linkToRoute(
 					'libresign.page.sign',
@@ -142,9 +147,14 @@ private function throwIfAccountAlreadyExists(): void {
 			}
 		}
 		$signRequest = $this->identifyService->getSignRequestMapper()->getById($this->getEntity()->getSignRequestId());
+		$errors = [$this->identifyService->getL10n()->t('User already exists. Please login.')];
+		if ($this->userSession->isLoggedIn()) {
+			$errors[] = $this->identifyService->getL10n()->t('This is not your file');
+			$this->userSession->logout();
+		}
 		throw new LibresignException(json_encode([
 			'action' => JSActions::ACTION_REDIRECT,
-			'errors' => [$this->identifyService->getL10n()->t('User already exists. Please login.')],
+			'errors' => $errors,
 			'redirect' => $this->identifyService->getUrlGenerator()->linkToRoute('core.login.showLoginForm', [
 				'redirect_url' => $this->identifyService->getUrlGenerator()->linkToRoute(
 					'libresign.page.sign',

diff --git a/tests/integration/features/sign/request.feature b/tests/integration/features/sign/request.feature
@@ -89,9 +89,9 @@ Feature: request-signature
     When sending "get" to "/apps/libresign/p/sign/<SIGN_UUID>"
     Then the response should have a status code 422
     And the response should be a JSON array with the following mandatory values
-      | key    | value                                  |
-      | action | 1000                                   |
-      | errors | ["User already exists. Please login."] |
+      | key    | value                                                          |
+      | action | 1000                                                           |
+      | errors | ["User already exists. Please login.","This is not your file"] |
 
   Scenario: Request to sign with error when the link was expired
     Given as user "admin"