oqtane · sbwalker · Oct 24, 2023 · Oct 24, 2023
diff --git a/Oqtane.Client/Modules/Admin/Users/Index.razor b/Oqtane.Client/Modules/Admin/Users/Index.razor
@@ -323,7 +323,16 @@ else
 									</select>
 								</div>
 							</div>
-						}
+                            <div class="row mb-1 align-items-center">
+                                <Label Class="col-sm-3" For="verifyusers" HelpText="Do you want existing users to perform an additional email verification step to link their external login? If you disable this option, existing users will be linked automatically." ResourceKey="VerifyUsers">Verify Existing Users?</Label>
+                                <div class="col-sm-9">
+                                    <select id="verifyusers" class="form-select" @bind="@_verifyusers">
+                                        <option value="true">@SharedLocalizer["Yes"]</option>
+                                        <option value="false">@SharedLocalizer["No"]</option>
+                                    </select>
+                                </div>
+                            </div>
+                        }
 					</Section>
 					<Section Name="Token" Heading="Token Settings" ResourceKey="TokenSettings">
 						<div class="row mb-1 align-items-center">
@@ -410,6 +419,7 @@ else
     private string _profileclaimtypes;
     private string _domainfilter;
     private string _createusers;
+    private string _verifyusers;
 
     private string _secret;
     private string _secrettype = "password";
@@ -468,6 +478,7 @@ else
             _profileclaimtypes = SettingService.GetSetting(settings, "ExternalLogin:ProfileClaimTypes", "");
             _domainfilter = SettingService.GetSetting(settings, "ExternalLogin:DomainFilter", "");
             _createusers = SettingService.GetSetting(settings, "ExternalLogin:CreateUsers", "true");
+            _verifyusers = SettingService.GetSetting(settings, "ExternalLogin:VerifyUsers", "true");
 
             _secret = SettingService.GetSetting(settings, "JwtOptions:Secret", "");
             _togglesecret = SharedLocalizer["ShowPassword"];
@@ -556,6 +567,7 @@ else
 				settings = SettingService.SetSetting(settings, "ExternalLogin:ProfileClaimTypes", _profileclaimtypes, true);
 				settings = SettingService.SetSetting(settings, "ExternalLogin:DomainFilter", _domainfilter, true);
 				settings = SettingService.SetSetting(settings, "ExternalLogin:CreateUsers", _createusers, true);
+                settings = SettingService.SetSetting(settings, "ExternalLogin:VerifyUsers", _verifyusers, true);
 
 				if (!string.IsNullOrEmpty(_secret) && _secret.Length < 16) _secret = (_secret + "????????????????").Substring(0, 16);
 				settings = SettingService.SetSetting(settings, "JwtOptions:Secret", _secret, true);

diff --git a/Oqtane.Client/Resources/Modules/Admin/Users/Index.resx b/Oqtane.Client/Resources/Modules/Admin/Users/Index.resx
@@ -435,4 +435,10 @@
   <data name="AuthResponseType" xml:space="preserve">
     <value>Authorization Response Type</value>
   </data>
+  <data name="VerifyUsers.HelpText" xml:space="preserve">
+    <value>Do you want existing users to perform an additional email verification step to link their external login? If you disable this option, existing users will be linked automatically.</value>
+  </data>
+  <data name="VerifyUsers.Text" xml:space="preserve">
+    <value>Verify Existing Users?</value>
+  </data>
 </root>
diff --git a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
@@ -298,6 +298,7 @@ private static async Task<ClaimsIdentity> ValidateUser(string email, string id,
                 if (identityuser != null)
                 {
                     user = _users.GetUser(identityuser.UserName);
+                    user.SiteId = alias.SiteId;
                 }
                 else
                 {
@@ -351,7 +352,7 @@ private static async Task<ClaimsIdentity> ValidateUser(string email, string id,
                                             _notifications.AddNotification(notification);
 
                                             // add user login
-                                            await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(providerType + ":" + alias.SiteId.ToString(), id, providerName));
+                                            await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(providerType + ":" + user.SiteId.ToString(), id, providerName));
 
                                             _logger.Log(user.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "User Added {User}", user);
                                         }
@@ -380,18 +381,38 @@ private static async Task<ClaimsIdentity> ValidateUser(string email, string id,
                             var login = logins.FirstOrDefault(item => item.LoginProvider == (providerType + ":" + alias.SiteId.ToString()));
                             if (login == null)
                             {
-                                // new external login using existing user account - verification required
-                                var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
-                                string token = await _identityUserManager.GenerateEmailConfirmationTokenAsync(identityuser);
-                                string url = httpContext.Request.Scheme + "://" + alias.Name;
-                                url += $"/login?name={identityuser.UserName}&token={WebUtility.UrlEncode(token)}&key={WebUtility.UrlEncode(id)}";
-                                string body = $"You Recently Signed In To Our Site With {providerName} Using The Email Address {email}. ";
-                                body += "In Order To Complete The Linkage Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
-                                var notification = new Notification(alias.SiteId, email, email, "External Login Linkage", body);
-                                _notifications.AddNotification(notification);
-
-                                identity.Label = ExternalLoginStatus.VerificationRequired;
-                                _logger.Log(alias.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External Login Linkage Verification For Provider {Provider} Sent To {Email}", providerName, email);
+                                if (bool.Parse(httpContext.GetSiteSettings().GetValue("ExternalLogin:VerifyUsers", "true")))
+                                {
+                                    // external login using existing user account - verification required
+                                    var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
+                                    string token = await _identityUserManager.GenerateEmailConfirmationTokenAsync(identityuser);
+                                    string url = httpContext.Request.Scheme + "://" + alias.Name;
+                                    url += $"/login?name={identityuser.UserName}&token={WebUtility.UrlEncode(token)}&key={WebUtility.UrlEncode(id)}";
+                                    string body = $"You Recently Signed In To Our Site With {providerName} Using The Email Address {email}. ";
+                                    body += "In Order To Complete The Linkage Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
+                                    var notification = new Notification(alias.SiteId, email, email, "External Login Linkage", body);
+                                    _notifications.AddNotification(notification);
+
+                                    identity.Label = ExternalLoginStatus.VerificationRequired;
+                                    _logger.Log(alias.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External Login Linkage Verification For Provider {Provider} Sent To {Email}", providerName, email);
+                                }
+                                else
+                                {
+                                    // external login using existing user account - link automatically
+                                    user = _users.GetUser(identityuser.UserName);
+                                    user.SiteId = alias.SiteId;
+
+                                    var _notifications = httpContext.RequestServices.GetRequiredService<INotificationRepository>();
+                                    string url = httpContext.Request.Scheme + "://" + alias.Name;
+                                    string body = "You Recently Used An External Account To Sign In To Our Site.\n\n" + url + "\n\nThank You!";
+                                    var notification = new Notification(user.SiteId, user, "User Account Notification", body);
+                                    _notifications.AddNotification(notification);
+
+                                    // add user login
+                                    await _identityUserManager.AddLoginAsync(identityuser, new UserLoginInfo(providerType + ":" + user.SiteId.ToString(), id, providerName));
+
+                                    _logger.Log(user.SiteId, LogLevel.Information, "ExternalLogin", Enums.LogFunction.Create, "External Login Linkage Created For User {Username} And Provider {Provider}", user.Username, providerName);
+                                }
                             }
                             else
                             {