From 3176d05afcec13fa18d894a1e96a0d2ea7fa429e Mon Sep 17 00:00:00 2001
From: Ivan Reshetnikov
Date: Sat, 21 Sep 2024 12:55:16 +0500
Subject: [PATCH] fix(oidc): use user data from temporary code, not from conn.assigns
---
 lib/comfycamp/sso.ex | 2 +-
 lib/comfycamp_web/controllers/oauth_controller.ex | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/comfycamp/sso.ex b/lib/comfycamp/sso.ex
index 357391c..442ed86 100644
--- a/lib/comfycamp/sso.ex
+++ b/lib/comfycamp/sso.ex
@@ -70,7 +70,7 @@ defmodule Comfycamp.SSO do
 query = from c in OIDCCode,
- preload: [:oidc_app],
+ preload: [:oidc_app, :user],
 where: c.value == ^value and c.inserted_at >= ^ten_minutes_ago
 Repo.one!(query)
diff --git a/lib/comfycamp_web/controllers/oauth_controller.ex b/lib/comfycamp_web/controllers/oauth_controller.ex
index 1affb08..7516102 100644
--- a/lib/comfycamp_web/controllers/oauth_controller.ex
+++ b/lib/comfycamp_web/controllers/oauth_controller.ex
@@ -96,9 +96,9 @@ defmodule ComfycampWeb.OauthController do
 # Delete the code.
 SSO.delete_oidc_code(code)
- {access_token, refresh_token} = Accounts.generate_oauth_tokens(conn.assigns.current_user)
+ {access_token, refresh_token} = Accounts.generate_oauth_tokens(code.user)
- id_token = IDToken.build_id_token(conn.assigns.current_user, oidc_app.client_id)
+ id_token = IDToken.build_id_token(code.user, oidc_app.client_id)
 {:ok, signed_id_token, _claims} = Token.generate_and_sign(id_token)
 render(conn, :token,
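Review bot: The `:user` preload in the `lib/comfycamp/sso.ex` hunk becomes the only source of identity for the token response, yet the query does not require the association to exist. If the association is nullable or the user row has been removed since the code was issued (an assumption, the schema is not visible), `code.user` is `nil` and is passed to `Accounts.generate_oauth_tokens/1` in the controller hunk. Requiring the row in the query closes that, e.g. `join: u in assoc(c, :user), preload: [:oidc_app, user: u]`, so a code without a user fails in `Repo.one!` like an unknown code. The function's docstring should also state that the returned code has `:oidc_app` and `:user` loaded, since the controller now relies on it. The enclosing function starts and ends outside this hunk.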
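Review bot: In the `oauth_controller.ex` hunk, identity now comes from `code.user`, so the code is a bearer credential for that user, but redemption is a read (`Repo.one!` in `lib/comfycamp/sso.ex`) followed by a separate `SSO.delete_oidc_code(code)`; two concurrent requests with the same code can both pass the read before either delete lands, and both receive tokens. Nothing visible wraps the two steps in a transaction or checks the delete result, though that may happen outside the hunk. Single use should be enforced atomically, for example by having the delete report how many rows it removed and issuing tokens only when that count is 1; a comment such as `# Tokens are issued only to the request that actually removed the code row.` would record the intent. It is also worth confirming, outside this hunk, that `oidc_app` is the app stored on the code (`code.oidc_app`) and not one resolved from request parameters. The enclosing action starts before and continues past the hunk.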