IUserAuthenticationTokenStore fails to set token if token already exists

[deanmarcussen]

this code

OrchardCore/src/OrchardCore/OrchardCore.Users.Core/Services/UserStore.cs

Lines 687 to 704 in bbbc79a

	var userToken = GetUserToken(user, loginProvider, name);
	if (userToken == null && user is User u)
	{
	userToken = new UserToken
	{
	LoginProvider = loginProvider,
	Name = name
	};
	u.UserTokens.Add(userToken);
	}
	// Encrypt the token.
	if (userToken != null)
	{
	userToken.Value = _dataProtectionProvider.CreateProtector(TokenProtector).Protect(value);
	}

looks like it has lots of problems.

Firstly, if the token is found in the UserTokens list, it doesn't reset it.
This assumes that the value is still the same, when if you're storing access tokens or similar, then the value has changed.

Also on Line 701 it protects the token. Which would double /triple etc protect it, if the token already exists.

There is a RemoveAsync method, on the api, but to me, it doesn't make sense that you're forced to check for an existing token, then remove it, then re add it.

[deanmarcussen]

Closing re read the code better, and it would work.

Must have a problem somewhere else