Improve errors when email is already in use (#4014)

Fixes #1485 Also fixes an issue where email_verified was being set to true regardless of whether the oauth provider provides an email (thus indicating that a null email is verified)
2025-07-17 21:59:48 -04:00 · 2025-07-17 21:59:48 -04:00 · 0c3e23db96
commit 0c3e23db96
parent 013ba4d86d
2 changed files with 20 additions and 6 deletions
--- a/apps/labrinth/src/auth/mod.rs
+++ b/apps/labrinth/src/auth/mod.rs
@ -43,7 +43,9 @@ pub enum AuthenticationError {
    InvalidAuthMethod,
    #[error("GitHub Token from incorrect Client ID")]
    InvalidClientId,
-    #[error("User email/account is already registered on Modrinth")]
+    #[error(
+        "User email is already registered on Modrinth. Try 'Forgot password' to access your account."
+    )]
    DuplicateUser,
    #[error("Invalid state sent, you probably need to get a new websocket")]
    SocketError,
--- a/apps/labrinth/src/routes/internal/flows.rs
+++ b/apps/labrinth/src/routes/internal/flows.rs
@ -223,8 +223,8 @@ impl TempUser {
                stripe_customer_id: None,
                totp_secret: None,
                username,
-                email: self.email,
-                email_verified: true,
+                email: self.email.clone(),
+                email_verified: self.email.is_some(),
                avatar_url,
                raw_avatar_url,
                bio: self.bio,
@ -1419,15 +1419,15 @@ pub async fn create_account_with_password(
        .hash_password(new_account.password.as_bytes(), &salt)?
        .to_string();

-    if crate::database::models::DBUser::get_by_email(
+    if !crate::database::models::DBUser::get_by_case_insensitive_email(
        &new_account.email,
        &**pool,
    )
    .await?
-    .is_some()
+    .is_empty()
    {
        return Err(ApiError::InvalidInput(
-            "Email is already registered on Modrinth!".to_string(),
+            "Email is already registered on Modrinth! Try 'Forgot password' to access your account.".to_string(),
        ));
    }

@ -2220,6 +2220,18 @@ pub async fn set_email(
    .await?
    .1;

+    if !crate::database::models::DBUser::get_by_case_insensitive_email(
+        &email.email,
+        &**pool,
+    )
+    .await?
+    .is_empty()
+    {
+        return Err(ApiError::InvalidInput(
+            "Email is already registered on Modrinth! Try 'Forgot password' in incognito to access and delete your other account.".to_string(),
+        ));
+    }
+
    let mut transaction = pool.begin().await?;

    sqlx::query!(