From c849ff0b0f642c9e444e3e69f958485f4c63c992 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Mon, 18 Mar 2024 08:52:47 +0000
Subject: [PATCH 1/2] use internal ids for query
---
 app/controllers/api/account.php | 4 ++--
 app/controllers/api/users.php | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 345486b657..3df4d47355 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -555,7 +555,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 $identityWithMatchingEmail = $dbForProject->findOne('identities', [
 Query::equal('providerEmail', [$email]),
- Query::notEqual('userId', $userId),
+ Query::notEqual('userInternalId', $user->getInternalId()),
 ]);
 if (!empty($identityWithMatchingEmail)) {
 throw new Exception(Exception::USER_ALREADY_EXISTS);
@@ -1985,7 +1985,7 @@ App::patch('/v1/account/email')
 // Makes sure this email is not already used in another identity
 $identityWithMatchingEmail = $dbForProject->findOne('identities', [
 Query::equal('providerEmail', [$email]),
- Query::notEqual('userId', $user->getId()),
+ Query::notEqual('userInternalId', $user->getInternalId()),
 ]);
 if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {
 throw new Exception(Exception::GENERAL_BAD_REQUEST); /** Return a generic bad request to prevent exposing existing accounts */
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 5ce2263f47..6a0d6f3d7a 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
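Review bot: In the `@@ -555` hunk of account.php (OAuth2 redirect), the guard `if (!empty($identityWithMatchingEmail))` is not equivalent to the check used in the two email-update hunks of this patch. PHP's `empty()` is false for any object, so if `findOne` can return an empty document rather than `false` (which the `!== false && !...->isEmpty()` form in the other hunks suggests), this branch throws `USER_ALREADY_EXISTS` even when no other identity matched. That fails closed, but it would reject legitimate OAuth2 sign-ins; consider `if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {`. The route handler starts and ends outside the hunk.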
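Review bot: The new `Query::notEqual('userInternalId', $user->getInternalId())` filter in the `@@ -1985` hunk of account.php (and the same filter in the `@@ -555` hunk and in users.php) only protects the email-uniqueness check if every `identities` document has `userInternalId` populated. If the storage adapter turns `notEqual` into an SQL inequality, a row where that attribute is NULL would presumably not match, so such an identity would be skipped and the duplicate-email check would pass when it should not. It is worth confirming that the attribute is required on the collection or back-filled, and recording that next to the query, e.g. `// relies on identities.userInternalId being set on every document`. The handler body continues outside the hunk.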
@@ -941,7 +941,7 @@ App::patch('/v1/users/:userId/email')
 // Makes sure this email is not already used in another identity
 $identityWithMatchingEmail = $dbForProject->findOne('identities', [
 Query::equal('providerEmail', [$email]),
- Query::notEqual('userId', $user->getId()),
+ Query::notEqual('userInternalId', $user->getInternalId()),
 ]);
 if ($identityWithMatchingEmail !== false && !$identityWithMatchingEmail->isEmpty()) {
 throw new Exception(Exception::USER_EMAIL_ALREADY_EXISTS);
From 21d4b8feef5b28faf11f042187ddfb1f3b5d9d4d Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Mon, 18 Mar 2024 09:01:54 +0000
Subject: [PATCH 2/2] check user internal Id on membership
---
 app/controllers/api/teams.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 978429e51c..03f158c131 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -916,7 +916,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
 $user->setAttributes($dbForProject->getDocument('users', $userId)->getArrayCopy()); // Get user
 }
- if ($membership->getAttribute('userId') !== $user->getId()) {
+ if ($membership->getAttribute('userInternalId') !== $user->getInternalId()) {
 throw new Exception(Exception::TEAM_INVITE_MISMATCH, 'Invite does not belong to current user (' . $user->getAttribute('email') . ')');
 }
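Review bot: The changed `if` in the teams.php hunk has no comment explaining why the invite is matched on `userInternalId` rather than the public `userId`, although this is the line that decides who may accept an invite. Presumably a public ID can be reused by a later account while the internal ID cannot; if so, a comment such as `// Match on the internal ID: a public user ID may be reused by a later account` would keep a future edit from reverting it. Because the comparison is strict, a membership document that lacks `userInternalId` would presumably always raise `TEAM_INVITE_MISMATCH`; that fails closed, but it is worth confirming against existing pending invites. The handler starts and ends outside the hunk.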