fix(auth-emailpass): better handle identity with same email error (#13537)

* fix(auth-emailpass): better handle identity with same email error

* add test

* Create blue-laws-argue.md

* check for empty object

* trueeee

* nit

* flip condition

packages/modules/providers/auth-emailpass/src/services/emailpass.ts

@@ -6,17 +6,20 @@ import {
   EmailPassAuthProviderOptions,
   Logger,
 } from "@medusajs/framework/types"
-import {
-  AbstractAuthModuleProvider,
-  isString,
-  MedusaError,
-} from "@medusajs/framework/utils"
+import { AbstractAuthModuleProvider, isString, MedusaError, } from "@medusajs/framework/utils"
 import Scrypt from "scrypt-kdf"
+import { isPresent } from "@medusajs/utils"
 
 type InjectedDependencies = {
   logger: Logger
 }
 
+type AuthIdentityParams = {
+  email: string;
+  password: string;
+  authIdentityService: AuthIdentityProviderService
+}
+
 interface LocalServiceConfig extends EmailPassAuthProviderOptions {}
 
 export class EmailPassAuthService extends AbstractAuthModuleProvider {
@@ -79,25 +82,6 @@ export class EmailPassAuthService extends AbstractAuthModuleProvider {
     }
   }
 
-  protected async createAuthIdentity({ email, password, authIdentityService }) {
-    const passwordHash = await this.hashPassword(password)
-
-    const createdAuthIdentity = await authIdentityService.create({
-      entity_id: email,
-      provider_metadata: {
-        password: passwordHash,
-      },
-    })
-
-    const copy = JSON.parse(JSON.stringify(createdAuthIdentity))
-    const providerIdentity = copy.provider_identities?.find(
-      (pi) => pi.provider === this.provider
-    )!
-    delete providerIdentity.provider_metadata?.password
-
-    return copy
-  }
-
   async authenticate(
     userData: AuthenticationInput,
     authIdentityService: AuthIdentityProviderService
@@ -185,17 +169,31 @@ export class EmailPassAuthService extends AbstractAuthModuleProvider {
     }
 
     try {
-      await authIdentityService.retrieve({
+      const identity = await authIdentityService.retrieve({
         entity_id: email,
       })
 
+      // If app_metadata is not defined or empty, it means no actor was assigned to the auth_identity yet (still "claimable")
+      if (!isPresent(identity.app_metadata)) {
+        const updatedAuthIdentity = await this.upsertAuthIdentity('update', {
+          email,
+          password,
+          authIdentityService,
+        })
+
+        return {
+          success: true,
+          authIdentity: updatedAuthIdentity,
+        }
+      }
+
       return {
         success: false,
         error: "Identity with email already exists",
       }
     } catch (error) {
       if (error.type === MedusaError.Types.NOT_FOUND) {
-        const createdAuthIdentity = await this.createAuthIdentity({
+        const createdAuthIdentity = await this.upsertAuthIdentity('create', {
           email,
           password,
           authIdentityService,
@@ -210,4 +208,27 @@ export class EmailPassAuthService extends AbstractAuthModuleProvider {
       return { success: false, error: error.message }
     }
   }
+
+  private async upsertAuthIdentity(type: 'update' | 'create', { email, password, authIdentityService }: AuthIdentityParams) {
+    const passwordHash = await this.hashPassword(password)
+
+    const authIdentity = type === 'create' ? await authIdentityService.create({
+        entity_id: email,
+        provider_metadata: {
+          password: passwordHash,
+        },
+      }) : await authIdentityService.update(email, {
+      provider_metadata: {
+        password: passwordHash,
+      },
+    })
+
+    const copy = JSON.parse(JSON.stringify(authIdentity))
+    const providerIdentity = copy.provider_identities?.find(
+      (pi) => pi.provider === this.provider
+    )!
+    delete providerIdentity.provider_metadata?.password
+
+    return copy
+  }
 }