From 1e8ee2f168f456833a2846b3fb70ca18add3d602 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Tue, 27 Jan 2026 22:08:27 +0100
Subject: [PATCH] Add email deduplication based on sanitize method before
 creating new claims (#1459)

---
 apps/server/AliasVault.Api/Controllers/VaultController.cs | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/apps/server/AliasVault.Api/Controllers/VaultController.cs b/apps/server/AliasVault.Api/Controllers/VaultController.cs
index 1941ba0cc..a36cd63a6 100644
--- a/apps/server/AliasVault.Api/Controllers/VaultController.cs
+++ b/apps/server/AliasVault.Api/Controllers/VaultController.cs
@@ -358,6 +358,10 @@ public class VaultController(ILogger<VaultController> logger, IAliasServerDbCont
     /// <returns>A task representing the asynchronous operation.</returns>
     private async Task UpdateUserEmailClaims(AliasServerDbContext context, AliasVaultUser user, List<string> newEmailAddresses)
     {
+        // Deduplicate email addresses to prevent unique constraint violations when
+        // multiple credentials share the same private email address.
+        newEmailAddresses = newEmailAddresses.Select(EmailHelper.SanitizeEmail).Distinct().ToList();
+
         // Get all existing user email claims.
         var userOwnedEmailClaims = await context.UserEmailClaims
             .Where(x => x.UserId == user.Id)