From f9f5865ef950a86b7dbc1cff845b586f32be96a6 Mon Sep 17 00:00:00 2001
From: Marcel Baumgartner
Date: Sat, 24 Jun 2023 22:35:38 +0200
Subject: [PATCH] Prevent user locking when duplicating the email entries
---
 Moonlight/Shared/Views/Profile/Index.razor | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/Moonlight/Shared/Views/Profile/Index.razor b/Moonlight/Shared/Views/Profile/Index.razor
index b9e80da8..1b49bba4 100644
--- a/Moonlight/Shared/Views/Profile/Index.razor
+++ b/Moonlight/Shared/Views/Profile/Index.razor
@@ -5,6 +5,8 @@
 @using Moonlight.App.Models.Forms
 @using Moonlight.App.Repositories
 @using Mappy.Net
+@using Moonlight.App.Exceptions
+@using Moonlight.App.Helpers
 @inject UserRepository UserRepository
@@ -89,10 +91,21 @@
 private Task Save()
 {
+ // Prevent users from locking out other users by changing their email
+
+ Model.Email = Model.Email.ToLower();
+ var userWithThatEmail = UserRepository
+ .Get()
+ .FirstOrDefault(x => x.Email == Model.Email);
+
+ if (userWithThatEmail != null && CurrentUser.Id != userWithThatEmail.Id)
+ {
+ Logger.Warn($"A user tried to lock another user out by changing the email. Email: {Model.Email}", "security");
+ throw new DisplayException("A user with that email does already exist");
+ }
+
 CurrentUser = Mapper.Map(CurrentUser, Model);
- CurrentUser.Email = CurrentUser.Email.ToLower();
-
 UserRepository.Update(CurrentUser);
 return Task.CompletedTask;
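Review bot: The duplicate-email guard added to Save() is a check followed by a separate update, so two concurrent saves can both pass `FirstOrDefault(...)` before either `UserRepository.Update(CurrentUser)` runs; unless the user table already has a unique index on the email column (not visible here), the lockout this commit targets can still happen, and that index should be the authoritative control with this check kept for the friendly error. The normalisation uses the culture-sensitive `ToLower()`, which can lowercase the same address differently depending on the server culture; `Model.Email = Model.Email.ToLowerInvariant();` keeps the comparison stable. The equality test also presumes every stored email is already lower-case, which holds only if all write paths normalise, so rows created before this change are worth checking. For triage the warning would be more useful if it named the accounts involved rather than echoing the submitted string, e.g. `Logger.Warn($"User {CurrentUser.Id} tried to change email to one owned by user {userWithThatEmail.Id}", "security");`. The end of Save() lies outside the hunk.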