From 7675266df1592bfd797e229633d0a11428785ef8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Santiago=20Rodr=C3=ADguez?= <88201812+santydesignscr@users.noreply.github.com>
Date: Sat, 13 Jul 2024 00:15:40 -0600
Subject: [PATCH] Fix security bug on enable oauth feature
---
 app/models/User.php | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/app/models/User.php b/app/models/User.php
index 9669775..74497e7 100644
--- a/app/models/User.php
+++ b/app/models/User.php
@@ -295,13 +295,15 @@ function enable_oauth()
 }
 function validate_oauth_enable($email, $secret, $key)
 {
- $user_rec = char32($key.':'.$email.':'.$secret);
- $res = $this->update(['rec' => $user_rec], ['email' => $email]);
- if($res !== false)
- {
- return true;
- }
- return false;
+ if ($email == $this->get_email()) {
+ $user_rec = char32($key.':'.$email.':'.$secret);
+ $res = $this->update(['rec' => $user_rec], ['email' => $email]);
+ if($res !== false)
+ {
+ return true;
+ }
+ }
+ return false;
 }
 function set_status(bool $status, $key)
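Review bot: The new ownership guard in `validate_oauth_enable` uses loose `==`, so it can pass when both sides are empty or null, for instance if `get_email()` returns nothing for a caller without a session (its body is not visible here, so this needs confirming). A strict, type-checked comparison closes that gap: `if (is_string($email) && $email !== '' && $email === $this->get_email()) {`. The `update()` filter still uses the caller-supplied `$email`; keying it on the value returned by `get_email()`, or on the authenticated user's id, would keep the write bound to the session identity even if the guard is later changed. The enclosing class and the `char32` helper are outside the hunk.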