From 389ded9b779a84c0c97371581f67e0ff0d4af57f Mon Sep 17 00:00:00 2001
From: Marcel Baumgartner
Date: Sat, 24 Jun 2023 22:15:04 +0200
Subject: [PATCH] Fixed oauth2 account spoofing using unverified discord accounts for claiming identity
---
 Moonlight/App/OAuth2/Providers/DiscordOAuth2Provider.cs | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/Moonlight/App/OAuth2/Providers/DiscordOAuth2Provider.cs b/Moonlight/App/OAuth2/Providers/DiscordOAuth2Provider.cs
index fc4c292b..0b8e7bde 100644
--- a/Moonlight/App/OAuth2/Providers/DiscordOAuth2Provider.cs
+++ b/Moonlight/App/OAuth2/Providers/DiscordOAuth2Provider.cs
@@ -86,6 +86,13 @@ public class DiscordOAuth2Provider : OAuth2Provider
 var email = getData.GetValue("email");
 var id = getData.GetValue("id");
+ var verified = getData.GetValue("verified");
+
+ if (!verified)
+ {
+ Logger.Warn("A user tried to use an unverified discord account to login", "security");
+ throw new DisplayException("You can only use verified discord accounts for oauth signin");
+ }
 // Handle data
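Review bot: The added `Logger.Warn(...)` call records the rejection without saying which account was refused, so repeated warnings cannot be correlated during triage. The `id` read just above the guard is already in scope and could be included, e.g. `Logger.Warn($"Rejected oauth2 login for unverified discord account {id}", "security");`. The guard also depends on `getData.GetValue("verified")` yielding false when the field is absent; Discord returns `verified` only alongside `email`, under the email scope. That behaviour is not visible in this hunk, so confirm it fails closed rather than throwing an unhandled exception. If the code after `// Handle data` matches existing users by `email`, any other provider under `Providers/` that does the same would need an equivalent verified-email check; the enclosing method begins and ends outside the hunk.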