(authData, userAuthData)
| 483 | }; |
| 484 | |
| 485 | const hasMutatedAuthData = (authData, userAuthData) => { |
| 486 | if (!userAuthData) { return { hasMutatedAuthData: true, mutatedAuthData: authData }; } |
| 487 | const mutatedAuthData = {}; |
| 488 | Object.keys(authData).forEach(provider => { |
| 489 | // Anonymous provider is not handled this way |
| 490 | if (provider === 'anonymous') { return; } |
| 491 | const providerData = authData[provider]; |
| 492 | const userProviderAuthData = userAuthData[provider]; |
| 493 | |
| 494 | // If unlinking (setting to null), consider it mutated |
| 495 | if (providerData === null) { |
| 496 | mutatedAuthData[provider] = providerData; |
| 497 | return; |
| 498 | } |
| 499 | |
| 500 | // If provider doesn't exist in stored data, it's new |
| 501 | if (!userProviderAuthData) { |
| 502 | mutatedAuthData[provider] = providerData; |
| 503 | return; |
| 504 | } |
| 505 | |
| 506 | // Check if incoming data represents actual changes vs just echoing back |
| 507 | // what afterFind returned. If incoming data is a subset of stored data |
| 508 | // (all incoming fields match stored values), it's not mutated. |
| 509 | // If incoming data has different values or fields not in stored data, it's mutated. |
| 510 | // This handles the case where afterFind strips sensitive fields like 'code': |
| 511 | // - Incoming: { id: 'x' }, Stored: { id: 'x', code: 'secret' } -> NOT mutated (subset) |
| 512 | // - Incoming: { id: 'x', token: 'new' }, Stored: { id: 'x', token: 'old' } -> MUTATED |
| 513 | const incomingKeys = Object.keys(providerData || {}); |
| 514 | const hasChanges = incomingKeys.some(key => { |
| 515 | return !isDeepStrictEqual(providerData[key], userProviderAuthData[key]); |
| 516 | }); |
| 517 | |
| 518 | if (hasChanges) { |
| 519 | mutatedAuthData[provider] = providerData; |
| 520 | } |
| 521 | }); |
| 522 | const hasMutatedAuthData = Object.keys(mutatedAuthData).length !== 0; |
| 523 | return { hasMutatedAuthData, mutatedAuthData }; |
| 524 | }; |
| 525 | |
| 526 | const checkIfUserHasProvidedConfiguredProvidersForLogin = ( |
| 527 | req = {}, |
nothing calls this directly
no outgoing calls
no test coverage detected
searching dependent graphs…