devxjs
diff --git a/‎coderd/database/dump.sql
Lines changed: 2 additions & 0 deletions b/‎coderd/database/dump.sql
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/migrations/000205_unique_linked_id.down.sql
Lines changed: 1 addition & 0 deletions b/‎coderd/database/migrations/000205_unique_linked_id.down.sql
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/database/migrations/000205_unique_linked_id.up.sql
Lines changed: 21 additions & 0 deletions b/‎coderd/database/migrations/000205_unique_linked_id.up.sql
Lines changed: 21 additions & 0 deletions
diff --git a/‎coderd/database/migrations/testdata/fixtures/000048_userdelete.up.sql
Lines changed: 15 additions & 0 deletions b/‎coderd/database/migrations/testdata/fixtures/000048_userdelete.up.sql
Lines changed: 15 additions & 0 deletions
diff --git a/‎coderd/database/unique_constraint.go
Lines changed: 1 addition & 0 deletions b/‎coderd/database/unique_constraint.go
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
+DROP INDEX user_links_linked_id_login_type_idx;
@@ -0,0 +1,21 @@
+-- Remove the linked_id if two user_links share the same value.
+-- This will affect the user if they attempt to change their settings on
+-- the oauth/oidc provider. However, if two users exist with the same
+-- linked_value, there is no way to determine correctly which user should
+-- be updated. Since the linked_id is empty, this value will be linked
+-- by email.
+UPDATE ONLY user_links AS out
+SET
+	linked_id =
+		CASE WHEN (
+			  -- When the count of linked_id is greater than 1, set the linked_id to empty
+			  SELECT
+			      COUNT(*)
+			  FROM
+			      user_links inn
+			  WHERE
+			      out.linked_id = inn.linked_id AND out.login_type = inn.login_type
+		  ) > 1 THEN '' ELSE out.linked_id END;
+
+-- Enforce unique linked_id constraint on non-empty linked_id
+CREATE UNIQUE INDEX user_links_linked_id_login_type_idx ON user_links USING btree (linked_id, login_type) WHERE (linked_id != '');
@@ -17,3 +17,18 @@ INSERT INTO public.user_links(user_id, login_type, linked_id, oauth_access_token
 -- This has happened on a production database.
 INSERT INTO public.user_links(user_id, login_type, linked_id, oauth_access_token)
 VALUES('fc1511ef-4fcf-4a3b-98a1-8df64160e35a', 'oidc', 'foo', '');
+
+
+-- Lastly, make 2 other users who have the same user link.
+INSERT INTO public.users(id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, deleted)
+VALUES ('580ed397-727d-4aaf-950a-51f89f556c24', 'dup_link_a@coder.com', 'dupe_a', '\x', '2022-11-02 13:05:21.445455+02', '2022-11-02 13:05:21.445455+02', 'active', '{}', false) ON CONFLICT DO NOTHING;
+INSERT INTO public.organization_members VALUES ('580ed397-727d-4aaf-950a-51f89f556c24', 'bb640d07-ca8a-4869-b6bc-ae61ebb2fda1', '2022-11-02 13:05:21.447595+02', '2022-11-02 13:05:21.447595+02', '{}') ON CONFLICT DO NOTHING;
+INSERT INTO public.user_links(user_id, login_type, linked_id, oauth_access_token)
+VALUES('580ed397-727d-4aaf-950a-51f89f556c24', 'github', '500', '');
+
+
+INSERT INTO public.users(id, email, username, hashed_password, created_at, updated_at, status, rbac_roles, deleted)
+VALUES ('c813366b-2fde-45ae-920c-101c3ad6a1e1', 'dup_link_b@coder.com', 'dupe_b', '\x', '2022-11-02 13:05:21.445455+02', '2022-11-02 13:05:21.445455+02', 'active', '{}', false) ON CONFLICT DO NOTHING;
+INSERT INTO public.organization_members VALUES ('c813366b-2fde-45ae-920c-101c3ad6a1e1', 'bb640d07-ca8a-4869-b6bc-ae61ebb2fda1', '2022-11-02 13:05:21.447595+02', '2022-11-02 13:05:21.447595+02', '{}') ON CONFLICT DO NOTHING;
+INSERT INTO public.user_links(user_id, login_type, linked_id, oauth_access_token)
+VALUES('c813366b-2fde-45ae-920c-101c3ad6a1e1', 'github', '500', '');
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+DROP INDEX user_links_linked_id_login_type_idx;`