auto-fix accounts with no primary identity

1 files changed, 6 insertions, 1 deletions

diff --git a/src/routers/vault/middlewares/session.js b/src/routers/vault/middlewares/session.js
index 336cfcd..8b64165 100644
--- a/src/routers/vault/middlewares/session.js
+++ b/src/routers/vault/middlewares/session.js
@@ -254,7 +254,12 @@ const new_session = async (req, res, next) => {
             return;
         } else {
             // auth flow
-            if (identity.id !== account.primaryIdentity && !account.allowNonPrimary) {
+            if (account.primaryIdentity === null || account.primaryIdentity === undefined) {
+                // the vault account has no primary identity (bug): let's fix this
+                console.warn(`Vault.session: fixing account with no primary identity {${session.vault}} [${req.ip}]`);
+                account.primaryIdentity = identity.id;
+                await account.save();
+            } else if (identity.id !== account.primaryIdentity && !account.allowNonPrimary) {
                 res.status(423).json({
                     status: "error",
                     error: "non-primary login is disabled",