Multi accounts - Prevent user from logging twice with the same account

bmarty · bmarty · commit 4deb9bf1a440 · 2025-09-04T18:23:20.000+02:00
diff --git a/features/login/impl/src/main/kotlin/io/element/android/features/login/impl/login/LoginModeView.kt b/features/login/impl/src/main/kotlin/io/element/android/features/login/impl/login/LoginModeView.kt
@@ -23,6 +23,7 @@ import io.element.android.libraries.designsystem.components.dialogs.ErrorDialog
 import io.element.android.libraries.designsystem.preview.ElementPreview
 import io.element.android.libraries.designsystem.preview.PreviewsDayNight
 import io.element.android.libraries.designsystem.theme.LocalBuildMeta
+import io.element.android.libraries.matrix.api.auth.AuthenticationException
 import io.element.android.libraries.matrix.api.auth.OidcDetails
 import io.element.android.libraries.ui.strings.CommonStrings
 
@@ -89,6 +90,13 @@ fun LoginModeView(
                         onSubmit = onClearError,
                     )
                 }
+                is AuthenticationException.AccountAlreadyLoggedIn -> {
+                    // TODO i18n
+                    ErrorDialog(
+                        content = "You're already logged in on this device as ${error.message}.",
+                        onSubmit = onClearError,
+                    )
+                }
                 else -> {
                     ErrorDialog(
                         content = stringResource(CommonStrings.error_unknown),
diff --git a/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/auth/AuthenticationException.kt b/libraries/matrix/api/src/main/kotlin/io/element/android/libraries/matrix/api/auth/AuthenticationException.kt
@@ -8,6 +8,7 @@
 package io.element.android.libraries.matrix.api.auth
 
 sealed class AuthenticationException(message: String) : Exception(message) {
+    class AccountAlreadyLoggedIn(userId: String) : AuthenticationException(userId)
     class InvalidServerName(message: String) : AuthenticationException(message)
     class SlidingSyncVersion(message: String) : AuthenticationException(message)
     class Oidc(message: String) : AuthenticationException(message)
diff --git a/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/AuthenticationException.kt b/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/AuthenticationException.kt
@@ -14,6 +14,7 @@ import org.matrix.rustcomponents.sdk.OidcException
 fun Throwable.mapAuthenticationException(): AuthenticationException {
     val message = this.message ?: "Unknown error"
     return when (this) {
+        is AuthenticationException -> this
         is ClientBuildException -> when (this) {
             is ClientBuildException.Generic -> AuthenticationException.Generic(message)
             is ClientBuildException.InvalidServerName -> AuthenticationException.InvalidServerName(message)
diff --git a/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/RustMatrixAuthenticationService.kt b/libraries/matrix/impl/src/main/kotlin/io/element/android/libraries/matrix/impl/auth/RustMatrixAuthenticationService.kt
@@ -15,6 +15,7 @@ import io.element.android.libraries.core.coroutine.CoroutineDispatchers
 import io.element.android.libraries.core.extensions.mapFailure
 import io.element.android.libraries.core.extensions.runCatchingExceptions
 import io.element.android.libraries.matrix.api.MatrixClient
+import io.element.android.libraries.matrix.api.auth.AuthenticationException
 import io.element.android.libraries.matrix.api.auth.MatrixAuthenticationService
 import io.element.android.libraries.matrix.api.auth.MatrixHomeServerDetails
 import io.element.android.libraries.matrix.api.auth.OidcDetails
@@ -149,6 +150,8 @@ class RustMatrixAuthenticationService(
                 val client = currentClient ?: error("You need to call `setHomeserver()` first")
                 val currentSessionPaths = sessionPaths ?: error("You need to call `setHomeserver()` first")
                 client.login(username, password, "Element X Android", null)
+                // Ensure that the user is not already logged in with the same account
+                ensureNotAlreadyLoggedIn(client)
                 val sessionData = client.session()
                     .toSessionData(
                         isTokenValid = true,
@@ -237,17 +240,19 @@ class RustMatrixAuthenticationService(
                 val client = currentClient ?: error("You need to call `setHomeserver()` first")
                 val currentSessionPaths = sessionPaths ?: error("You need to call `setHomeserver()` first")
                 client.loginWithOidcCallback(callbackUrl)
+
+                // Free the pending data since we won't use it to abort the flow anymore
+                pendingOAuthAuthorizationData?.close()
+                pendingOAuthAuthorizationData = null
+
+                // Ensure that the user is not already logged in with the same account
+                ensureNotAlreadyLoggedIn(client)
                 val sessionData = client.session().toSessionData(
                     isTokenValid = true,
                     loginType = LoginType.OIDC,
                     passphrase = pendingPassphrase,
                     sessionPaths = currentSessionPaths,
                 )
-
-                // Free the pending data since we won't use it to abort the flow anymore
-                pendingOAuthAuthorizationData?.close()
-                pendingOAuthAuthorizationData = null
-
                 val matrixClient = rustMatrixClientFactory.create(client)
                 newMatrixClientObservers.forEach { it.invoke(matrixClient) }
                 sessionStore.storeData(sessionData)
@@ -263,6 +268,21 @@ class RustMatrixAuthenticationService(
         }
     }
 
+    @Throws(AuthenticationException.AccountAlreadyLoggedIn::class)
+    private suspend fun ensureNotAlreadyLoggedIn(client: Client) {
+        val newUserId = client.userId()
+        val accountAlreadyLoggedIn = sessionStore.getAllSessions().any {
+            it.userId == newUserId
+        }
+        if (accountAlreadyLoggedIn) {
+            // Sign out the client, ignoring any error
+            runCatchingExceptions {
+                client.logout()
+            }
+            throw AuthenticationException.AccountAlreadyLoggedIn(newUserId)
+        }
+    }
+
     override suspend fun loginWithQrCode(qrCodeData: MatrixQrCodeLoginData, progress: (QrCodeLoginStep) -> Unit) =
         withContext(coroutineDispatchers.io) {
             val sdkQrCodeLoginData = (qrCodeData as SdkQrCodeLoginData).rustQrCodeData
@@ -285,7 +305,8 @@ class RustMatrixAuthenticationService(
                     oidcConfiguration = oidcConfiguration,
                     progressListener = progressListener,
                 )
-
+                // Ensure that the user is not already logged in with the same account
+                ensureNotAlreadyLoggedIn(client)
                 val sessionData = client.session()
                     .toSessionData(
                         isTokenValid = true,
