From c291a356dbbd5c981cf5f745d733fc1e8691ac16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?=
Date: Tue, 1 Sep 2020 16:48:31 +0200
Subject: [PATCH] Prevent emails to be reused and changed to an exisiting one in the Controllers
---
 flexiapi/app/Http/Controllers/Account/EmailController.php | 2 +-
 flexiapi/app/Http/Controllers/Account/RegisterController.php | 2 +-
 flexiapi/resources/views/account/email.blade.php | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/flexiapi/app/Http/Controllers/Account/EmailController.php b/flexiapi/app/Http/Controllers/Account/EmailController.php
index 284e10b..64b5302 100644
--- a/flexiapi/app/Http/Controllers/Account/EmailController.php
+++ b/flexiapi/app/Http/Controllers/Account/EmailController.php
@@ -20,7 +20,7 @@ class EmailController extends Controller
 public function update(Request $request)
 {
 $request->validate([
- 'email' => 'required|confirmed|email',
+ 'email' => 'required|unique:external.accounts,email|different:email_current|confirmed|email',
 ]);
 $account = $request->user();
diff --git a/flexiapi/app/Http/Controllers/Account/RegisterController.php b/flexiapi/app/Http/Controllers/Account/RegisterController.php
index ad54f60..3795615 100644
--- a/flexiapi/app/Http/Controllers/Account/RegisterController.php
+++ b/flexiapi/app/Http/Controllers/Account/RegisterController.php
@@ -49,7 +49,7 @@ class RegisterController extends Controller
 'terms' => 'accepted',
 'username' => 'required|unique:external.accounts,username|min:6',
 'g-recaptcha-response' => 'required|captcha',
- 'email' => 'required|email|confirmed'
+ 'email' => 'required|email|unique:external.accounts,email|confirmed'
 ]);
 $account = new Account;
diff --git a/flexiapi/resources/views/account/email.blade.php b/flexiapi/resources/views/account/email.blade.php
index 575a89f..f9b300e 100644
--- a/flexiapi/resources/views/account/email.blade.php
+++ b/flexiapi/resources/views/account/email.blade.php
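Review bot: The `different:email_current` rule in `EmailController::update` compares the new address with a request field that the browser supplies (the hidden `email_current` input added in `email.blade.php`), so the "not my current address" check is decided by client-controlled data rather than by the stored account. Compare against the server-side value instead and drop the hidden input, for example `'email' => ['bail', 'required', 'email', 'confirmed', 'unique:external.accounts,email', Rule::notIn([$request->user()->email])],`. Listing `email` before `unique` with `bail` also stops a database lookup from running on malformed input. The body of `update` continues past the hunk, so how the new address is persisted is not visible here.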
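Review bot: The new `unique:external.accounts,email` rule in `RegisterController` is evaluated in the same `validate()` call as `g-recaptcha-response`, so the "already taken" error for `email` is presumably returned even when the captcha check fails, which tells unauthenticated callers whether an address is registered. Consider validating the captcha on its own first, `$request->validate(['g-recaptcha-response' => 'required|captcha']);`, and rate-limiting the route. The rule is also a check-then-insert: unless the `email` column of `accounts` carries a unique index (not visible in this commit), two concurrent registrations with the same address can both pass validation. The enclosing method starts and ends outside the hunk.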
@@ -20,6 +20,8 @@
 {!! Form::email('email_confirmation', old('email_confirm'), ['class' => 'form-control', 'placeholder' => 'username@server.com', 'required']) !!}
+{!! Form::hidden('email_current', $account->email) !!}
+
 {!! Form::submit('Change', ['class' => 'btn btn-primary btn-centered']) !!}
 {!! Form::close() !!}