From 316edec02057e0940cbf93ade4b9624c41b0cf8a Mon Sep 17 00:00:00 2001
From: Henrik Hautakoski <henrik.hautakoski@gmail.com>
Date: Mon, 13 Aug 2018 13:33:17 +0200
Subject: [PATCH] app/library/Auth.php: in loginOauth() should return false if
 there is no user.

---
 app/library/Auth.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/app/library/Auth.php b/app/library/Auth.php
index 2ec49ae..9afb5c0 100644
--- a/app/library/Auth.php
+++ b/app/library/Auth.php
@@ -44,24 +44,21 @@ class Auth extends Component
      * Login using OAuth
      *
      * @param UserDataInterface $data
-     * @return bool|\Phalcon\Mvc\Model\MessageInterface[]
+     * @return bool
      */
     public function loginOauth(UserDataInterface $data)
     {
         $user = User::findFirstByOAuthID($data);
 
+        // Did not find any user.
         if (!$user) {
-            // Did not find any user. create him.
-            $user = User::createFromOAuthData($data);
-
-            if ($user->save() === false) {
-                return $user->getMessages();
-            }
+            return false;
         }
+
         // Here we activate the user.
         // As for OAuth we perform registration if the user does not exist.
         // We should therefore activate deleted accounts.
-        else if ($user->Status == User::STATUS_DELETED) {
+        if ($user->Status == User::STATUS_DELETED) {
             $user->Status = User::STATUS_ACTIVE;
             $user->save();
         }