From 4f778f7904f9fa6f3672fd8c766de5921e6da8f4 Mon Sep 17 00:00:00 2001
From: Abdalhamid Alhamad
Date: Mon, 20 Oct 2025 14:25:53 +0300
Subject: [PATCH] * ZOD-341-junior-a-child-can-edit-their-email-to-an-existing-email-causing-multiple-child-accounts-to-share-the-same-login

---
 src/user/dtos/request/update-user.request.dto.ts | 7 ++++++-
 src/user/services/user.service.ts | 8 ++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/user/dtos/request/update-user.request.dto.ts b/src/user/dtos/request/update-user.request.dto.ts
index a52800a..dc04295 100644
--- a/src/user/dtos/request/update-user.request.dto.ts
+++ b/src/user/dtos/request/update-user.request.dto.ts
@@ -1,5 +1,5 @@
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { IsDateString, IsEnum, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
+import { IsDateString, IsEmail, IsEnum, IsNotEmpty, IsOptional, IsString, IsUUID } from 'class-validator';
 import { i18nValidationMessage as i18n } from 'nestjs-i18n';
 import { Gender } from '~/customer/enums';
 export class UpdateUserRequestDto {
@@ -15,6 +15,11 @@ export class UpdateUserRequestDto {
 @IsOptional()
 lastName!: string;
+ @ApiPropertyOptional({ example: 'child@example.com' })
+ @IsEmail({}, { message: i18n('validation.IsEmail', { path: 'general', property: 'user.email' }) })
+ @IsOptional()
+ email!: string;
+
 @ApiProperty({ example: '123e4567-e89b-12d3-a456-426614174000' })
 @IsUUID('4', { message: i18n('validation.IsUUID', { path: 'general', property: 'user.profilePictureId' }) })
 @IsOptional()
diff --git a/src/user/services/user.service.ts b/src/user/services/user.service.ts
index 4d1bbc4..41f25eb 100644
--- a/src/user/services/user.service.ts
+++ b/src/user/services/user.service.ts
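Review bot: In the second hunk of update-user.request.dto.ts the new `email` property is accepted exactly as submitted, so whether `Child@Example.com` collides with `child@example.com` in the uniqueness lookup added to UserService.updateUser depends on how the database compares strings, which this patch does not show. Because the commit subject treats the address as the login identifier, canonicalising it at the DTO boundary would make that check dependable, for example `@Transform(({ value }) => (typeof value === 'string' ? value.trim().toLowerCase() : value))` from class-transformer, with the same form being what gets stored. Separately, `email!: string` tells the compiler the field is always present while `@IsOptional()` lets it be absent; `email?: string` would be accurate, although the neighbouring `lastName!: string` shows this is the file's existing pattern. The class body starts and ends outside the hunk.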
@@ -191,6 +191,14 @@ export class UserService {
 async updateUser(userId: string, data: UpdateUserRequestDto) {
 await this.validateProfilePictureId(data.profilePictureId, userId);
+ if (data.email) {
+ const userWithEmail = await this.findUser({ email: data.email });
+ if (userWithEmail && userWithEmail.id !== userId) {
+ this.logger.error(`Email ${data.email} is already taken by another user`);
+ throw new BadRequestException('USER.EMAIL_ALREADY_TAKEN');
+ }
+ }
+
 this.logger.log(`Updating user ${userId} with data ${JSON.stringify(data)}`);
 const { gender, dateOfBirth, ...userData } = data;
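Review bot: The added block in updateUser checks with `findUser` and the write happens later, so two concurrent requests for the same address can both pass the check and both be saved; the check produces a clean error but does not itself enforce uniqueness. A unique constraint on the email column, which this patch does not show either way, is what closes that window, with the write path mapping the constraint violation to the same `USER.EMAIL_ALREADY_TAKEN` response. The new `this.logger.error` line also writes the submitted address into the log, and the unchanged `JSON.stringify(data)` line below it now carries the address too; logging the user id only, e.g. `this.logger.error('Email update rejected, address already in use, user ' + userId);`, keeps children's email addresses out of log storage. updateUser begins inside the hunk but continues past its end, so the write itself is not visible here.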