@@ -6,8 +6,15 @@
|
6 | 6 | import { asDateTimestampMs } from "../../shared/number-coercion.js"; |
7 | 7 | import { cloneAuthProfileStore } from "./clone.js"; |
8 | 8 | import { hasUsableOAuthCredential as hasUsableStoredOAuthCredential } from "./credential-state.js"; |
| 9 | +import { |
| 10 | +isSafeToCopyOAuthIdentity, |
| 11 | +normalizeAuthEmailToken, |
| 12 | +normalizeAuthIdentityToken, |
| 13 | +} from "./oauth-identity.js"; |
9 | 14 | import type { AuthProfileStore, OAuthCredential } from "./types.js"; |
10 | 15 | |
| 16 | +export { normalizeAuthEmailToken, normalizeAuthIdentityToken } from "./oauth-identity.js"; |
| 17 | + |
11 | 18 | /** OAuth profile imported from a runtime external CLI source. */ |
12 | 19 | export type RuntimeExternalOAuthProfile = { |
13 | 20 | profileId: string; |
@@ -74,17 +81,6 @@ export function hasUsableOAuthCredential(
|
74 | 81 | return hasUsableStoredOAuthCredential(credential, { now }); |
75 | 82 | } |
76 | 83 | |
77 | | -/** Normalizes account identity tokens for equality checks. */ |
78 | | -export function normalizeAuthIdentityToken(value: string | undefined): string | undefined { |
79 | | -const trimmed = value?.trim(); |
80 | | -return trimmed ? trimmed : undefined; |
81 | | -} |
82 | | - |
83 | | -/** Normalizes auth email identity tokens for equality checks. */ |
84 | | -export function normalizeAuthEmailToken(value: string | undefined): string | undefined { |
85 | | -return normalizeAuthIdentityToken(value)?.toLowerCase(); |
86 | | -} |
87 | | - |
88 | 84 | /** Returns true when an OAuth credential has account or email identity. */ |
89 | 85 | export function hasOAuthIdentity( |
90 | 86 | credential: Pick<OAuthCredential, "accountId" | "email">, |
@@ -100,19 +96,7 @@ export function hasMatchingOAuthIdentity(
|
100 | 96 | existing: Pick<OAuthCredential, "accountId" | "email">, |
101 | 97 | incoming: Pick<OAuthCredential, "accountId" | "email">, |
102 | 98 | ): boolean { |
103 | | -const existingAccountId = normalizeAuthIdentityToken(existing.accountId); |
104 | | -const incomingAccountId = normalizeAuthIdentityToken(incoming.accountId); |
105 | | -if (existingAccountId !== undefined && incomingAccountId !== undefined) { |
106 | | -return existingAccountId === incomingAccountId; |
107 | | -} |
108 | | - |
109 | | -const existingEmail = normalizeAuthEmailToken(existing.email); |
110 | | -const incomingEmail = normalizeAuthEmailToken(incoming.email); |
111 | | -if (existingEmail !== undefined && incomingEmail !== undefined) { |
112 | | -return existingEmail === incomingEmail; |
113 | | -} |
114 | | - |
115 | | -return false; |
| 99 | +return hasOAuthIdentity(existing) && isSafeToCopyOAuthIdentity(existing, incoming); |
116 | 100 | } |
117 | 101 | |
118 | 102 | // Different adoption paths have different safety thresholds. Bootstrap can |
|