From bc5b9ca2e6b2e1e39bf14e88c84664a4e41f7af7 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Tue, 27 Jul 2021 08:33:44 +1000
Subject: [PATCH] Prevent connected accounts being linked to existing users
---
 app/Http/Controllers/ConnectedAccountController.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/ConnectedAccountController.php b/app/Http/Controllers/ConnectedAccountController.php
index b53b7bb34e82..ab769eac960c 100644
--- a/app/Http/Controllers/ConnectedAccountController.php
+++ b/app/Http/Controllers/ConnectedAccountController.php
@@ -104,8 +104,13 @@ class ConnectedAccountController extends BaseController
 $refresh_token = '';
 $token = '';

+ $email = $google->harvestEmail($user);
+
+ if(auth()->user()->email != $email && MultiDB::checkUserEmailExists($email))
+ return response()->json(['message' => ctrans('texts.email_already_register')], 400)
+
 $connected_account = [
- 'email' => $google->harvestEmail($user),
+ 'email' => $email,
 'oauth_user_id' => $google->harvestSubField($user),
 'oauth_provider_id' => 'google',
 'email_verified_at' =>now()
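Review bot: The added `return response()->json([...], 400)` line has no terminating semicolon, so as written the controller will not parse and the new guard never runs; it should end `], 400);`, and the unbraced `if` is better written as `if (...) { return ...; }` so the return cannot be separated from its condition by a later edit. The comparison `auth()->user()->email != $email` is loose and case-sensitive, so a Google address that differs only in letter case from the signed-in user's own address may be rejected as belonging to someone else, depending on how `MultiDB::checkUserEmailExists` matches; comparing lower-cased values with `!==` would make the intent explicit. The hunk does not show whether `harvestEmail` can return an empty value or an address Google has not verified, yet the array below stamps `email_verified_at` with `now()`, so an explicit empty-value rejection before the existence check looks worth adding. The enclosing method starts and ends outside the hunk.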