Realm is not supported when looking up existing players

[cadesalaberry]

https://github.com/strongloop/loopback-component-passport/blob/74abd781c8c99bfc8863e3387aca2fbc6fa710ff/lib/models/user-identity.js#L188-L199

If the player email or username already exists, it is automatically assigned to the existing player.

However, if this player is in a realm ADMIN, and the default behaviour is to create SSO player with a realm PLAYER, I run into a situation where my player now has admin access, even if it tried to login on the PLAYER side.

I will not have time to tackle this right now, but I will leave this issue here for reference. Meanwhile, here is my take on it.

I would expect the options to accept

{
  "loopbackRealm": "PLAYER"
}

And the code to do something like the following:

var query = { and: [] };
if (options.loopbackRealm)
  query.and.push({ realm: options.loopbackRealm });

if (userObj.email && userObj.username) { 
  query.and.push({ 
    or: [{username: userObj.username}, {email: userObj.email}], 
  });
} else if (userObj.email) { 
  query.and.push({email: userObj.email});
} else {
  query.and.push({username: userObj.username});
} 

userModel.findOrCreate({where: query}, userObj, function(err, user) { 

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been closed due to continued inactivity. Thank you for your understanding. If you believe this to be in error, please contact one of the code owners, listed in the CODEOWNERS file at the top-level of this repository.

[ali-nahid]

Refer: https://www.npmjs.com/package/@7isys/loopback-component-passport with support for realms.