removing user from auth if no data was found in the db

2024-09-20 15:26:15 +08:00 · 2023-08-06 22:19:54 +02:00 · 2023-08-06 22:19:54 +02:00 · 0960d32a1a
parent 612331ac72
commit 0960d32a1a
1 changed files with 11 additions and 19 deletions
--- a/backend/src/api/controllers/user.ts
+++ b/backend/src/api/controllers/user.ts
@ -320,25 +320,17 @@ export async function getUser(
    userInfo = await UserDAL.getUser(uid, "get user");
  } catch (e) {
    if (e.status === 404) {
-      let user;
-      try {
-        user = await FirebaseAdmin().auth().getUser(uid);
-        //exists, recreate in db
-        await UserDAL.addUser(user.displayName, user.email, uid);
-        userInfo = await UserDAL.getUser(uid, "get user (recreated)");
-      } catch (e) {
-        if (e.code === "auth/user-not-found") {
-          //doesnt exist
-          throw new MonkeyError(
-            404,
-            "User not found in the database or authentication system. Please try to sign up again.",
-            "get user",
-            uid
-          );
-        } else {
-          throw e;
-        }
-      }
+      //if the user is in the auth system but not in the db, its possible that the user was created by bypassing captcha
+      //since there is no data in the database anyway, we can just delete the user from the auth system
+      //and ask them to sign up again
+
+      await FirebaseAdmin().auth().deleteUser(uid);
+      throw new MonkeyError(
+        404,
+        "User not found in the database, but found in the auth system. We have deleted the ghost user from the auth system. Please sign up again.",
+        "get user",
+        uid
+      );
    } else {
      throw e;
    }