From 92f4a8b683cc0593c63164211a92048370641ebc Mon Sep 17 00:00:00 2001 From: sbwalker Date: Mon, 19 Jan 2026 10:13:01 -0500 Subject: [PATCH] fix #5965 - validate user registration before adding user to a site --- Oqtane.Server/Managers/UserManager.cs | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/Oqtane.Server/Managers/UserManager.cs b/Oqtane.Server/Managers/UserManager.cs index ea76e39a..67fbd04f 100644 --- a/Oqtane.Server/Managers/UserManager.cs +++ b/Oqtane.Server/Managers/UserManager.cs @@ -181,13 +181,23 @@ namespace Oqtane.Managers succeeded = true; if (!user.IsAuthenticated) { - var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, false); - succeeded = result.Succeeded; - if (!succeeded) + // validate if the user already exists for the site + succeeded = string.IsNullOrEmpty(GetUser(user.Username, user.SiteId).Roles); + if (succeeded) { - errors = "Password Not Valid For User"; + // a user is registering for a new site - ensure their password is valid + var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, false); + succeeded = result.Succeeded; + if (!succeeded) + { + errors = "User Already Exists In Installation But Cannot Be Added To A Site Because The Password Provided Is Not Valid"; + } + user.EmailConfirmed = succeeded; + } + else + { + errors = "User Already Exists In Site"; } - user.EmailConfirmed = succeeded; } }