From 0c3e23db9615917682f827385b361ece946cca1f Mon Sep 17 00:00:00 2001
From: Emma Alexia <emma@modrinth.com>
Date: Thu, 17 Jul 2025 21:59:48 -0400
Subject: [PATCH] Improve errors when email is already in use (#4014)

Fixes #1485

Also fixes an issue where email_verified was being set to true regardless of whether the oauth provider provides an email (thus indicating that a null email is verified)
---
 apps/labrinth/src/auth/mod.rs              |  4 +++-
 apps/labrinth/src/routes/internal/flows.rs | 22 +++++++++++++++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/apps/labrinth/src/auth/mod.rs b/apps/labrinth/src/auth/mod.rs
index e2dc16ff8..a22fd65cf 100644
--- a/apps/labrinth/src/auth/mod.rs
+++ b/apps/labrinth/src/auth/mod.rs
@@ -43,7 +43,9 @@ pub enum AuthenticationError {
     InvalidAuthMethod,
     #[error("GitHub Token from incorrect Client ID")]
     InvalidClientId,
-    #[error("User email/account is already registered on Modrinth")]
+    #[error(
+        "User email is already registered on Modrinth. Try 'Forgot password' to access your account."
+    )]
     DuplicateUser,
     #[error("Invalid state sent, you probably need to get a new websocket")]
     SocketError,
diff --git a/apps/labrinth/src/routes/internal/flows.rs b/apps/labrinth/src/routes/internal/flows.rs
index e8d97a65a..281f85be0 100644
--- a/apps/labrinth/src/routes/internal/flows.rs
+++ b/apps/labrinth/src/routes/internal/flows.rs
@@ -223,8 +223,8 @@ impl TempUser {
                 stripe_customer_id: None,
                 totp_secret: None,
                 username,
-                email: self.email,
-                email_verified: true,
+                email: self.email.clone(),
+                email_verified: self.email.is_some(),
                 avatar_url,
                 raw_avatar_url,
                 bio: self.bio,
@@ -1419,15 +1419,15 @@ pub async fn create_account_with_password(
         .hash_password(new_account.password.as_bytes(), &salt)?
         .to_string();
 
-    if crate::database::models::DBUser::get_by_email(
+    if !crate::database::models::DBUser::get_by_case_insensitive_email(
         &new_account.email,
         &**pool,
     )
     .await?
-    .is_some()
+    .is_empty()
     {
         return Err(ApiError::InvalidInput(
-            "Email is already registered on Modrinth!".to_string(),
+            "Email is already registered on Modrinth! Try 'Forgot password' to access your account.".to_string(),
         ));
     }
 
@@ -2220,6 +2220,18 @@ pub async fn set_email(
     .await?
     .1;
 
+    if !crate::database::models::DBUser::get_by_case_insensitive_email(
+        &email.email,
+        &**pool,
+    )
+    .await?
+    .is_empty()
+    {
+        return Err(ApiError::InvalidInput(
+            "Email is already registered on Modrinth! Try 'Forgot password' in incognito to access and delete your other account.".to_string(),
+        ));
+    }
+
     let mut transaction = pool.begin().await?;
 
     sqlx::query!(