From 5ddfe54d3447d821b2552f775c52aea0dd76ad0c Mon Sep 17 00:00:00 2001
From: Kang Ming <kang.ming1996@gmail.com>
Date: Thu, 12 Dec 2024 12:16:58 +0800
Subject: [PATCH] fix: add checks for cases where more than 1 identity is
 returned

---
 internal/api/verify.go      | 6 ++++++
 internal/api/verify_test.go | 1 +
 2 files changed, 7 insertions(+)

diff --git a/internal/api/verify.go b/internal/api/verify.go
index c9d7ebf6f..b48716a87 100644
--- a/internal/api/verify.go
+++ b/internal/api/verify.go
@@ -334,7 +334,13 @@ func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.C
 		//
 		// we still check for the length of the identities slice to be safe.
 		if len(user.Identities) != 0 {
+			if len(user.Identities) > 1 {
+				return internalServerError("User has more than one identity on signup")
+			}
 			emailIdentity := user.Identities[0]
+			if emailIdentity.Email != user.Email {
+				return internalServerError("User email identity does not match user email")
+			}
 			if terr = emailIdentity.UpdateIdentityData(tx, map[string]interface{}{
 				"email_verified": true,
 			}); terr != nil {
diff --git a/internal/api/verify_test.go b/internal/api/verify_test.go
index c5fe965eb..9da1d482b 100644
--- a/internal/api/verify_test.go
+++ b/internal/api/verify_test.go
@@ -52,6 +52,7 @@ func (ts *VerifyTestSuite) SetupTest() {
 	// Create identity
 	i, err := models.NewIdentity(u, "email", map[string]interface{}{
 		"sub":            u.ID.String(),
+		"email":          "test@example.com",
 		"email_verified": false,
 	})
 	require.NoError(ts.T(), err, "Error creating test identity model")