From 5ddbca05b299319b1df93244489a20e045d6aa70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A0=20Casaj=C3=BAs?=
 <acasajus@users.noreply.github.com>
Date: Mon, 8 May 2023 18:47:10 +0200
Subject: [PATCH] Check users aren't using an alias as their link email address
 for partner links (#1724)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

(cherry picked from commit 93e24cb4239b812d46f119a982edd12de2406802)

Co-authored-by: Adrià Casajús <adria.casajus@proton.ch>
---
 app/account_linking.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/account_linking.py b/app/account_linking.py
index 456d197f..57d389c1 100644
--- a/app/account_linking.py
+++ b/app/account_linking.py
@@ -207,13 +207,14 @@ def process_login_case(
 ) -> LinkResult:
     # Sanitize email just in case
     link_request.email = sanitize_email(link_request.email)
-    check_alias(link_request.email)
     # Try to find a SimpleLogin user registered with that partner user id
     partner_user = PartnerUser.get_by(
         partner_id=partner.id, external_user_id=link_request.external_user_id
     )
     if partner_user is None:
         # We didn't find any SimpleLogin user registered with that partner user id
+        # Make sure they aren't using an alias as their link email
+        check_alias(link_request.email)
         # Try to find it using the partner's e-mail address
         user = User.get_by(email=link_request.email)
         return get_login_strategy(link_request, user, partner).process()