Changed my mind about unauth in register flow

Rather than forcing you to not be logged in to use the registerAccount flow, it's probably better to just ignore any login tokens in that flow, especially since you're going to be logged out of your current session at the end of the flow anyway when it logs you into the new token.
sillsdev · May 17, 2024 · 04cc4eb · 04cc4eb
1 parent f19c43a
commit 04cc4eb
Showing 1 changed file with 1 addition and 8 deletions.
diff --git a/backend/LexBoxApi/Controllers/UserController.cs b/backend/LexBoxApi/Controllers/UserController.cs
@@ -42,7 +42,7 @@ LexAuthService lexAuthService
     }
 
     [HttpPost("registerAccount")]
-    [AllowAnonymous] // Is there a RequireAnonymous attribute?
+    [AllowAnonymous]
     [ProducesResponseType(StatusCodes.Status200OK)]
     [ProducesErrorResponseType(typeof(Dictionary<string, string[]>))]
     [ProducesDefaultResponseType]
@@ -57,13 +57,6 @@ public async Task<ActionResult<LexAuthUser>> RegisterAccount(RegisterAccountInpu
             return ValidationProblem(ModelState);
         }
 
-        var jwtUser = _loggedInContext.MaybeUser;
-        if (jwtUser is not null)
-        {
-            // TODO: Figure out how to register this error (AddModelError<RegisterAccountInput> isn't correct, obviously)
-            ModelState.AddModelError<RegisterAccountInput>(r => r.Email, "must not access register flow while logged in");
-        }
-
         var hasExistingUser = await _lexBoxDbContext.Users.FilterByEmailOrUsername(accountInput.Email).AnyAsync();
         registerActivity?.AddTag("app.email_available", !hasExistingUser);
         if (hasExistingUser)