From 67258a7befd9abc3497255de2196ccb595306cb1 Mon Sep 17 00:00:00 2001
From: simeng-li <simeng@silverhand.io>
Date: Fri, 19 Jul 2024 14:50:43 +0800
Subject: [PATCH] fix(core): should not sync registered identifier from social

should not sync registered identifier from social
---
 .../verifications/social-verification.ts      | 10 ++++++--
 .../sign-in-interaction/social.test.ts        | 25 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/packages/core/src/routes/experience/classes/verifications/social-verification.ts b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
index 4284f643676..5027272c702 100644
--- a/packages/core/src/routes/experience/classes/verifications/social-verification.ts
+++ b/packages/core/src/routes/experience/classes/verifications/social-verification.ts
@@ -210,9 +210,15 @@ export class SocialVerification implements IdentifierVerificationRecord<Verifica
     const { name, avatar, email: primaryEmail, phone: primaryPhone } = this.socialUserInfo;
 
     if (isNewUser) {
+      const {
+        users: { hasUserWithEmail, hasUserWithPhone },
+      } = this.queries;
+
       return {
-        ...conditional(primaryEmail && { primaryEmail }),
-        ...conditional(primaryPhone && { primaryPhone }),
+        // Sync the email only if the email is not used by other users
+        ...conditional(primaryEmail && !(await hasUserWithEmail(primaryEmail)) && { primaryEmail }),
+        // Sync the phone only if the phone is not used by other users
+        ...conditional(primaryPhone && !(await hasUserWithPhone(primaryPhone)) && { primaryPhone }),
         ...conditional(name && { name }),
         ...conditional(avatar && { avatar }),
       };
diff --git a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
index c74ed4bd0e8..e74d9fd0e8b 100644
--- a/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
+++ b/packages/integration-tests/src/tests/api/experience-api/sign-in-interaction/social.test.ts
@@ -43,6 +43,31 @@ devFeatureTest.describe('social sign-in and sign-up', () => {
     expect(primaryEmail).toBe(email);
   });
 
+  it('should successfully sign-up with social but not sync email if the email is registered by another user', async () => {
+    const { userProfile, user } = await generateNewUser({
+      primaryEmail: true,
+    });
+
+    const { primaryEmail } = userProfile;
+
+    const userId = await signInWithSocial(
+      connectorIdMap.get(mockSocialConnectorId)!,
+      {
+        id: generateStandardId(),
+        email: primaryEmail,
+      },
+      {
+        registerNewUser: true,
+      }
+    );
+
+    expect(userId).not.toBe(user.id);
+    const { primaryEmail: newUserPrimaryEmail } = await getUser(userId);
+    expect(newUserPrimaryEmail).toBeNull();
+
+    await Promise.all([deleteUser(userId), deleteUser(user.id)]);
+  });
+
   it('should successfully sign-in with social and sync name', async () => {
     const userId = await signInWithSocial(connectorIdMap.get(mockSocialConnectorId)!, {
       id: socialUserId,