added validation for account merge

Author: nextguyover

Confab/Exceptions/Exceptions.cs

@@ -32,4 +32,5 @@ public class UserCommentRateLimitException : Exception { }
     public class EditHistoryDisabledException : Exception { }
     public class AnonymousCommentingDisabledException : Exception { }
     public class CaptchaVerificationFailedException : Exception { }
+    public class InvalidAnonUserForMergeException : Exception { }
 }

Confab/Program.cs

@@ -449,6 +449,14 @@
             return Results.BadRequest(new LoginResponse());
         }
 
+        if (ex is InvalidAnonUserForMergeException)
+        {
+            return Results.BadRequest(new LoginResponse
+            {
+                Outcome = LoginOutcome.VerificationCodeGenericFailure
+            });
+        }
+
         app.Logger.LogError(ex.ToString());
         return Results.StatusCode(500);
     }

Confab/Services/UserService.cs

@@ -248,9 +248,10 @@ public async Task<LoginResponse> Login(UserLogin userLogin, HttpContext httpCont
             } catch (MissingAuthorizationException) {}  //if no JWT, don't assign anonUser
 
             if (user == null)    //if user doesn't exist, can't login
-            {
                 throw new UserNotFoundException();
-            }
+            
+            if (anonUser != null && (anonUser.IsAnon == false || user == anonUser))    // validate anon user
+                throw new InvalidAnonUserForMergeException();
 
             await VerifyUserLoginEnabled(user, dbCtx);