From 1b0b99e12ec7807ca546269aa37ffbf805df6140 Mon Sep 17 00:00:00 2001
From: Antoine Clausse <antoine.clausse@overleaf.com>
Date: Thu, 4 Sep 2025 11:37:06 +0200
Subject: [PATCH] [web] Add unlinking third-party logins ability from the
 admin-panel (#28201)

* Add `clearThirdPartyLogins`

Co-authored-by: Brian Gough <brian.gough@overleaf.com>

* Add a confirmation modal

* Show provider name from settings

* Replace "logins" by "identifiers" for consistency with current terminology

* Hide button if user has no third-party identifiers

* Update tests

* Add test "unlinks Google account"

---------

Co-authored-by: Brian Gough <brian.gough@overleaf.com>
GitOrigin-RevId: 45b9b5ce6fa2cbeba9d4daeda97cd6e500c8266c
---
 .../web/app/src/Features/User/UserUpdater.js  | 22 +++++++++++++++++++
 .../test/unit/src/User/UserUpdaterTests.js    |  1 +
 2 files changed, 23 insertions(+)

diff --git a/services/web/app/src/Features/User/UserUpdater.js b/services/web/app/src/Features/User/UserUpdater.js
index adf67dfa3f..ee3aca2a42 100644
--- a/services/web/app/src/Features/User/UserUpdater.js
+++ b/services/web/app/src/Features/User/UserUpdater.js
@@ -19,6 +19,7 @@ const NotificationsBuilder = require('../Notifications/NotificationsBuilder')
 const _ = require('lodash')
 const Modules = require('../../infrastructure/Modules')
 const UserSessionsManager = require('./UserSessionsManager')
+const ThirdPartyIdentityManager = require('./ThirdPartyIdentityManager')
 
 async function _sendSecurityAlertPrimaryEmailChanged(
   userId,
@@ -182,6 +183,26 @@ async function clearSAMLData(userId, auditLog, sendEmail) {
   }
 }
 
+async function clearThirdPartyIdentifiers(userId, auditLog) {
+  const user = await UserGetter.promises.getUser(userId, {
+    thirdPartyIdentifiers: 1,
+  })
+  await UserAuditLogHandler.promises.addEntry(
+    userId,
+    'clear-third-party-identifiers',
+    auditLog.initiatorId,
+    auditLog.ipAddress,
+    {}
+  )
+  for (const thirdPartyIdentifier of user.thirdPartyIdentifiers || []) {
+    await ThirdPartyIdentityManager.promises.unlink(
+      userId,
+      thirdPartyIdentifier.providerId,
+      auditLog
+    )
+  }
+}
+
 /**
  * set the default email address by setting the `email` attribute. The email
  * must be one of the user's multiple emails (`emails` attribute)
@@ -665,6 +686,7 @@ module.exports = {
     addEmailAddress,
     changeEmailAddress,
     clearSAMLData,
+    clearThirdPartyIdentifiers,
     confirmEmail,
     removeEmailAddress,
     removeReconfirmFlag,
diff --git a/services/web/test/unit/src/User/UserUpdaterTests.js b/services/web/test/unit/src/User/UserUpdaterTests.js
index 2803e6d6f2..7b6f4dfcce 100644
--- a/services/web/test/unit/src/User/UserUpdaterTests.js
+++ b/services/web/test/unit/src/User/UserUpdaterTests.js
@@ -135,6 +135,7 @@ describe('UserUpdater', function () {
         '../Notifications/NotificationsBuilder': this.NotificationsBuilder,
         '../../infrastructure/Modules': this.Modules,
         './UserSessionsManager': this.UserSessionsManager,
+        './ThirdPartyIdentityManager': this.ThirdPartyIdentityManager,
       },
     })