From fb774109a0530a4508d52d4451f2e538bef3961a Mon Sep 17 00:00:00 2001
From: Philippe Luickx <philippe.luickx@gmail.com>
Date: Fri, 27 May 2016 14:26:44 +0300
Subject: [PATCH] Checking for pre-existing accounts from a different flow when
 using social connect

---
 rest_auth/registration/serializers.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py
index c6b5d5b..61f82dc 100644
--- a/rest_auth/registration/serializers.py
+++ b/rest_auth/registration/serializers.py
@@ -1,6 +1,7 @@
 from django.http import HttpRequest
 from django.conf import settings
 from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth import get_user_model
 
 try:
     from allauth.account import app_settings as allauth_settings
@@ -111,6 +112,20 @@ class SocialLoginSerializer(serializers.Serializer):
             raise serializers.ValidationError(_('Incorrect value'))
 
         if not login.is_existing:
+            # We have an account already signed up in a different flow
+            # with the same email address: raise an exception.
+            # This needs to be handled in the frontend. We can not just
+            # link up the accounts due to security constraints
+            if(allauth_settings.UNIQUE_EMAIL):
+                # Do we have an account already with this email address?
+                existing_account = get_user_model().objects.filter(
+                    email=login.user.email,
+                ).count()
+                if(existing_account != 0):
+                    # There is an account already
+                    raise serializers.ValidationError(
+                    _("A user is already registered with this e-mail address."))
+
             login.lookup()
             login.save(request, connect=True)
         attrs['user'] = login.account.user