statamic · jasonvarga · Dec 16, 2024 · Sep 27, 2024 · Sep 27, 2024 · Sep 27, 2024
diff --git a/resources/views/auth/unauthorized.blade.php b/resources/views/auth/unauthorized.blade.php
@@ -10,7 +10,11 @@
     <div class="outside-shadow absolute inset-0"></div>
     <div class="card auth-card">
         <div class="mb-6">{{ __('Unauthorized') }}</div>
-        <a class="btn-primary" href="{{ cp_route('logout') }}?redirect={{ $redirect }}">{{ __('Log out') }}</a>
+        @auth
+            <a class="btn-primary" href="{{ cp_route('logout') }}?redirect={{ $redirect }}">{{ __('Log out') }}</a>
+        @else
+            <a class="btn-primary" href="{{ cp_route('login') }}">{{ __('Log in') }}</a>
+        @endauth
     </div>
 </div>
 

diff --git a/src/Http/Controllers/OAuthController.php b/src/Http/Controllers/OAuthController.php
@@ -36,14 +36,24 @@ public function handleProviderCallback(Request $request, string $provider)
             return $this->redirectToProvider($request, $provider);
         }
 
-        $user = $oauth->findOrCreateUser($providerUser);
+        if ($user = $oauth->findUser($providerUser)) {
+            if (config('statamic.oauth.merge_user_data', true)) {
+                $user = $oauth->mergeUser($user, $providerUser);
+            }
+        } elseif (config('statamic.oauth.create_user', true)) {
+            $user = $oauth->createUser($providerUser);
+        }
 
-        session()->put('oauth-provider', $provider);
+        if ($user) {
+            session()->put('oauth-provider', $provider);
 
-        Auth::guard($request->session()->get('statamic.oauth.guard'))
-            ->login($user, config('statamic.oauth.remember_me', true));
+            Auth::guard($request->session()->get('statamic.oauth.guard'))
+                ->login($user, config('statamic.oauth.remember_me', true));
 
-        return redirect()->to($this->successRedirectUrl());
+            return redirect()->to($this->successRedirectUrl());
+        } else {
+            return redirect()->to($this->unauthorizedRedirectUrl());
+        }
     }
 
     protected function successRedirectUrl()
@@ -60,4 +70,9 @@ protected function successRedirectUrl()
 
         return Arr::get($query, 'redirect', $default);
     }
+
+    protected function unauthorizedRedirectUrl()
+    {
+        return config('statamic.oauth.unauthorized_redirect', '/cp/auth/unauthorized');
+    }
 }
diff --git a/src/OAuth/Provider.php b/src/OAuth/Provider.php
@@ -45,15 +45,29 @@ public function getUserId(string $id): ?string
     }
 
     public function findOrCreateUser($socialite): StatamicUser
+    {
+        if ($user = $this->findUser($socialite)) {
+            return $this->mergeUser($user, $socialite);
+        }
+
+        return $this->createUser($socialite);
+    }
+
+    /**
+     * Find a Statamic user by a Socialite user.
+     *
+     * @param  SocialiteUser  $socialite
+     */
+    public function findUser($socialite): ?StatamicUser
     {
         if (
             ($user = User::findByOAuthId($this, $socialite->getId())) ||
             ($user = User::findByEmail($socialite->getEmail()))
         ) {
-            return $this->mergeUser($user, $socialite);
+            return $user;
         }
 
-        return $this->createUser($socialite);
+        return null;
     }
 
     /**

diff --git a/tests/OAuth/ProviderTest.php b/tests/OAuth/ProviderTest.php
@@ -122,7 +122,39 @@ public function it_creates_a_user()
     }
 
     #[Test]
-    public function it_finds_an_existing_user_by_email()
+    public function it_finds_an_existing_user_via_find_user_method()
+    {
+        $provider = $this->provider();
+
+        $savedUser = $this->user()->save();
+
+        $this->assertCount(1, UserFacade::all());
+        $this->assertEquals([$savedUser], UserFacade::all()->all());
+
+        $foundUser = $provider->findUser($this->socialite());
+
+        $this->assertCount(1, UserFacade::all());
+        $this->assertEquals([$savedUser], UserFacade::all()->all());
+        $this->assertEquals($savedUser, $foundUser);
+    }
+
+    #[Test]
+    public function it_does_not_find_or_create_a_user_via_find_user_method()
+    {
+        $this->assertCount(0, UserFacade::all());
+
+        $provider = $this->provider();
+        $foundUser = $provider->findUser($this->socialite());
+
+        $this->assertNull($foundUser);
+
+        $this->assertCount(0, UserFacade::all());
+        $user = UserFacade::all()->get(0);
+        $this->assertNull($user);
+    }
+
+    #[Test]
+    public function it_finds_an_existing_user_via_find_or_create_user_method()
     {
         $provider = $this->provider();
 
@@ -138,6 +170,22 @@ public function it_finds_an_existing_user_by_email()
         $this->assertEquals($savedUser, $foundUser);
     }
 
+    #[Test]
+    public function it_creates_a_user_via_find_or_create_user_method()
+    {
+        $this->assertCount(0, UserFacade::all());
+
+        $provider = $this->provider();
+        $provider->findOrCreateUser($this->socialite());
+
+        $this->assertCount(1, UserFacade::all());
+        $user = UserFacade::all()->get(0);
+        $this->assertNotNull($user);
+        $this->assertEquals('[email protected]', $user->email());
+        $this->assertEquals('Foo Bar', $user->name());
+        $this->assertEquals($user->id(), $provider->getUserId('foo-bar'));
+    }
+
     #[Test]
     public function it_gets_the_user_by_id_after_merging_data()
     {