Prevent email verification from overriding existing sessions (#9075)

2022-07-22 11:45:26 +02:00
parent 81653cf5fd
commit e694e87814
1 changed files with 2 additions and 1 deletions
--- a/src/components/structures/auth/Registration.tsx
+++ b/src/components/structures/auth/Registration.tsx
@@ -382,7 +382,8 @@ export default class Registration extends React.Component<IProps, IState> {
        const hasEmail = Boolean(this.state.formVals.email);
        const hasAccessToken = Boolean(response.access_token);
        debuglog("Registration: ui auth finished:", { hasEmail, hasAccessToken });
-        if (!hasEmail && hasAccessToken) {
+        // don’t log in if we found a session for a different user
+        if (!hasEmail && hasAccessToken && !newState.differentLoggedInUserId) {
            // we'll only try logging in if we either have no email to verify at all or we're the client that verified
            // the email, not the client that started the registration flow
            await this.props.onLoggedIn({