From b964813fad402aa06b54c8e07c070e58d86ab2cf Mon Sep 17 00:00:00 2001
From: Rory Powell <rory.codes@gmail.com>
Date: Tue, 28 Sep 2021 15:22:19 +0100
Subject: [PATCH] Prevent root account users being re-created as internal
 budibase users

---
 packages/auth/accounts.js                           |  1 +
 packages/worker/src/api/controllers/global/users.js | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 packages/auth/accounts.js

diff --git a/packages/auth/accounts.js b/packages/auth/accounts.js
new file mode 100644
index 0000000000..47ad03456a
--- /dev/null
+++ b/packages/auth/accounts.js
@@ -0,0 +1 @@
+module.exports = require("./src/cloud/accounts")
diff --git a/packages/worker/src/api/controllers/global/users.js b/packages/worker/src/api/controllers/global/users.js
index 1d3f38698b..9d2d27a05c 100644
--- a/packages/worker/src/api/controllers/global/users.js
+++ b/packages/worker/src/api/controllers/global/users.js
@@ -11,6 +11,7 @@ const { sendEmail } = require("../../../utilities/email")
 const { user: userCache } = require("@budibase/auth/cache")
 const { invalidateSessions } = require("@budibase/auth/sessions")
 const CouchDB = require("../../../db")
+const accounts = require("@budibase/auth/accounts")
 const {
   getGlobalDB,
   getTenantId,
@@ -49,10 +50,19 @@ async function saveUser(
   // make sure another user isn't using the same email
   let dbUser
   if (email) {
+    // check budibase users inside the tenant
     dbUser = await getGlobalUserByEmail(email)
     if (dbUser != null && (dbUser._id !== _id || Array.isArray(dbUser))) {
       throw "Email address already in use."
     }
+
+    // check root account users in account portal
+    if (!env.SELF_HOSTED) {
+      const account = await accounts.getAccount(email)
+      if (account) {
+        throw "Email address already in use."
+      }
+    }
   } else {
     dbUser = await db.get(_id)
   }