feat(auth): implement unified email accounts for OAuth and local users #1121
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@kaumudpa is attempting to deploy a commit to the Listinai Team on Vercel. A member of the Team first needs to authorize it. |
![sentry[bot]](https://avatars.githubusercontent.com/u/1396951?s=60&v=4){kind=small}
Unify account handling so OAuth users and local users share the same email record. When a user signs up with OAuth, if their email already exists as a local account, the accounts are linked. This allows users to: - Sign in with either OAuth or local credentials - Have a single user profile regardless of auth method Includes null checks and proper user object handling for JWT activation.
kaumudpa
force-pushed
the
Unified-Account
branch
from
e8eed2f to
1bdde08
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Title
feat(auth): add unified email accounts - optional account linking across providers
What kind of change does this PR introduce?
Feature - Adds opt-in unified email accounts that allow users to access their account through any authentication provider (OAuth or email/password) using the same email address.
Why was this change needed?
Currently, Postiz treats each provider + email combination as a separate account. This creates friction for users:
This PR introduces a new
UNIFIED_EMAIL_ACCOUNTSenvironment variable (default:false) that when enabled:Security: When an OAuth user adds a password, email verification is required to prevent account hijacking.
Backward compatibility: When the flag is disabled (default), all existing behavior is 100% preserved.
Fixes #1120
Other information:
Files changed:
auth.service.ts- Core logic with flag checksauth.controller.ts- Simplified to use service responseusers.repository.ts- AddedgetUserByEmailAnyProvider(),setPassword(),setPasswordHash()users.service.ts- Exposed new repository methods.env.example- Documented new variableNew environment variable:
This feature is useful for self-hosted instances that want a single account per email across multiple auth providers.
Checklist:
Put a "X" in the boxes below to indicate you have followed the checklist;