From 77589f3179ce5a426a24a2e4f1cbe9946cc7beff Mon Sep 17 00:00:00 2001
From: Eric Kean <kreut@hotmail.com>
Date: Thu, 17 Oct 2024 10:58:05 -0700
Subject: [PATCH] Switching accounts

---
 .../Cleanup/removeOldValidationCodes.php      |  58 ++++
 app/Console/Kernel.php                        |   1 +
 app/Helpers/Helper.php                        |  39 +++
 app/Http/Controllers/Auth/LoginController.php |   4 +
 app/Http/Controllers/Auth/OAuthController.php |   2 +
 app/Http/Controllers/Auth/UserController.php  |  14 +-
 app/Http/Controllers/BreadcrumbController.php |   1 +
 .../Controllers/LinkedAccountController.php   | 163 ++++++++++
 app/Http/Controllers/UserController.php       |  16 +-
 app/Http/Middleware/SetAppVersionHeader.php   |   2 +-
 .../Requests/AccountValidationCodeRequest.php |  30 ++
 .../Requests/EmailLinkToAccountRequest.php    |  31 ++
 app/LinkToAccountValidationCode.php           |  10 +
 app/LinkedAccount.php                         |  10 +
 app/Policies/LinkedAccountPolicy.php          |  24 ++
 app/Policies/UserPolicy.php                   |   1 -
 app/Rules/IsValidAccountThatCanBeLinkedTo.php |  61 ++++
 app/User.php                                  |   3 +-
 ...link_to_account_validation_codes_table.php |  33 ++
 ...16_164329_create_linked_accounts_table.php |  37 +++
 resources/js/components/Navbar.vue            |  80 ++++-
 resources/js/layouts/default.vue              |  19 +-
 resources/js/pages/settings/index.vue         |   7 +-
 .../js/pages/settings/linked_accounts.vue     | 285 ++++++++++++++++++
 resources/js/router/routes.js                 |   3 +-
 .../link_to_account_validation_code.blade.php |  22 ++
 routes/api.php                                |   7 +
 tests/Feature/LinkedAccountsTest.php          |  79 +++++
 28 files changed, 1029 insertions(+), 13 deletions(-)
 create mode 100644 app/Console/Commands/Cleanup/removeOldValidationCodes.php
 create mode 100644 app/Http/Controllers/LinkedAccountController.php
 create mode 100644 app/Http/Requests/AccountValidationCodeRequest.php
 create mode 100644 app/Http/Requests/EmailLinkToAccountRequest.php
 create mode 100644 app/LinkToAccountValidationCode.php
 create mode 100644 app/LinkedAccount.php
 create mode 100644 app/Policies/LinkedAccountPolicy.php
 create mode 100644 app/Rules/IsValidAccountThatCanBeLinkedTo.php
 create mode 100644 database/migrations/2024_10_16_164203_create_link_to_account_validation_codes_table.php
 create mode 100644 database/migrations/2024_10_16_164329_create_linked_accounts_table.php
 create mode 100644 resources/js/pages/settings/linked_accounts.vue
 create mode 100644 resources/views/emails/link_to_account_validation_code.blade.php
 create mode 100644 tests/Feature/LinkedAccountsTest.php

diff --git a/app/Console/Commands/Cleanup/removeOldValidationCodes.php b/app/Console/Commands/Cleanup/removeOldValidationCodes.php
new file mode 100644
index 000000000..6112ae262
--- /dev/null
+++ b/app/Console/Commands/Cleanup/removeOldValidationCodes.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Console\Commands\Cleanup;
+
+use App\Exceptions\Handler;
+use App\InstructorAccessCode;
+use Carbon\Carbon;
+use Exception;
+use Illuminate\Console\Command;
+use Illuminate\Support\Facades\DB;
+
+class removeOldValidationCodes extends Command
+{
+    /**
+     * The name and signature of the console command.
+     *
+     * @var string
+     */
+    protected $signature = 'remove:oldValidationCodes';
+
+    /**
+     * The console command description.
+     *
+     * @var string
+     */
+    protected $description = 'Removes codes older than 10 minutes';
+
+    /**
+     * Create a new command instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        parent::__construct();
+    }
+
+    /**
+     * Execute the console command.
+     *
+     * @return int
+     * @throws Exception
+     */
+    public function handle(): int
+    {
+        try {
+            DB::table('link_to_account_validation_codes')
+                ->where('created_at', '<=', Carbon::now()->subMinutes(10)->toDateTimeString())
+                ->delete();
+
+        } catch (Exception $e) {
+            $h = new Handler(app());
+            $h->report($e);
+            echo $e->getMessage();
+            return 1;
+        }
+    }
+}
diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
index 7e269c0d2..f9ac4e486 100644
--- a/app/Console/Kernel.php
+++ b/app/Console/Kernel.php
@@ -103,6 +103,7 @@ protected function schedule(Schedule $schedule)
             /* end grader notifications */
             $schedule->command('check:AssignTos')->twiceDaily();
             $schedule->command('remove:oldAccessCodes')->daily();
+            $schedule->command('remove:oldValidationCodes')->everyMinute();
             $schedule->command('find:accents')->daily();
 
             $schedule->command('find:richTextError')->twiceDaily();
diff --git a/app/Helpers/Helper.php b/app/Helpers/Helper.php
index 8c0255c22..2fd96558f 100644
--- a/app/Helpers/Helper.php
+++ b/app/Helpers/Helper.php
@@ -148,6 +148,45 @@ static function getCompletionScoringMode($scoring_type, $completion_scoring_mode
         } else return null;
     }
 
+    public static function getLinkedAccounts(int $user_id)
+    {
+        $user = User::find($user_id);
+        $linked_accounts = [];
+
+        $linked_from_user = DB::table('linked_accounts')
+            ->join('users', 'linked_accounts.linked_to_user_id', '=', 'users.id')
+            ->select('linked_accounts.user_id')
+            ->where('linked_to_user_id', $user->id)
+            ->first();
+        if ($linked_from_user) {
+            $linked_from_user_id = $linked_from_user->user_id;
+        } else {
+            $linked_from_user = DB::table('linked_accounts')->where('user_id', $user_id)->first();
+            if (!$linked_from_user) {
+                return json_encode([]);
+            } else {
+                $linked_from_user_id = $linked_from_user->user_id;
+            }
+        }
+
+        $linked_from_user = User::find($linked_from_user_id);
+        $linked_to_users = DB::table('linked_accounts')
+            ->join('users', 'linked_accounts.linked_to_user_id', '=', 'users.id')
+            ->where('user_id', $linked_from_user_id)
+            ->select('users.*')
+            ->get();
+        $linked_accounts[] = [
+            'id' => $linked_from_user->id,
+            'email' => $linked_from_user->email,
+            'main_account' => true];
+        foreach ($linked_to_users as $linked_to_user) {
+            $linked_accounts[] = ['id' => $linked_to_user->id,
+                'email' => $linked_to_user->email,
+                'main_account' => false];
+        }
+        return json_encode($linked_accounts);
+    }
+
     public
     static function createAccessCode($length = 12)
     {
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index c1b98068d..4844e71ba 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -7,6 +7,7 @@
 use App\Exceptions\Handler;
 use App\Exceptions\VerifyEmailException;
 use App\FCMToken;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\Question;
 use App\User;
@@ -58,10 +59,13 @@ protected function attemptLogin(Request $request): bool
         }
 
         $user = $this->guard()->user();
+        $linked_accounts = Helper::getLinkedAccounts($user->id);
+        session()->put('linked_accounts', $linked_accounts);
         session()->forget('original_user_id');
         session()->forget('admin_user_id');
         session()->put('original_role', $user->role);
         session()->put('original_email', $user->email);
+        $user->linked_accounts = $linked_accounts;
         $user->instructor_user_id = null;
         DB::table('users')->where('instructor_user_id', $user->id)->update(['instructor_user_id' => null]);
 
diff --git a/app/Http/Controllers/Auth/OAuthController.php b/app/Http/Controllers/Auth/OAuthController.php
index 949d5a442..a31c2039d 100644
--- a/app/Http/Controllers/Auth/OAuthController.php
+++ b/app/Http/Controllers/Auth/OAuthController.php
@@ -3,6 +3,7 @@
 namespace App\Http\Controllers\Auth;
 
 use App\Exceptions\EmailTakenException;
+use App\Helpers\Helper;
 use App\Http\Controllers\Controller;
 use App\OAuthProvider;
 use App\User;
@@ -54,6 +55,7 @@ public function handleProviderCallback($provider)
         $user = Socialite::driver($provider)->stateless()->user();
         $user = $this->findOrCreateUser($provider, $user);
 
+        session()->put('linked_accounts', Helper::getLinkedAccounts($user->id));
         $this->guard()->setToken(
             $token = $this->guard()->login($user)
         );
diff --git a/app/Http/Controllers/Auth/UserController.php b/app/Http/Controllers/Auth/UserController.php
index 572ae2b19..8b9980e23 100644
--- a/app/Http/Controllers/Auth/UserController.php
+++ b/app/Http/Controllers/Auth/UserController.php
@@ -24,6 +24,8 @@
 use MiladRahimi\Jwt\Generator;
 use MiladRahimi\Jwt\Parser;
 use MiladRahimi\Jwt\Cryptography\Algorithms\Hmac\HS256;
+use Psr\Container\ContainerExceptionInterface;
+use Psr\Container\NotFoundExceptionInterface;
 
 class UserController extends Controller
 {
@@ -31,6 +33,8 @@ class UserController extends Controller
     /**
      * @param Request $request
      * @return JsonResponse
+     * @throws ContainerExceptionInterface
+     * @throws NotFoundExceptionInterface
      */
     public function current(Request $request): JsonResponse
     {
@@ -41,6 +45,7 @@ public function current(Request $request): JsonResponse
             if ($request->user()->is_tester_student) {
                 $request->user()->email = '';
             }
+            $request->user()->linked_accounts = session()->get('linked_accounts');
             $request->user()->is_developer = $request->user()->isDeveloper();
             $request->user()->logged_in_as_user = session()->get('original_user_id');
             $request->user()->is_instructor_logged_in_as_student = is_numeric(session()->get('original_user_id')) || $request->user()->fake_student;
@@ -341,6 +346,9 @@ public function loginAs(LoginAsRequest $request, User $user): array
                 session()->put(['admin_user_id' => $request->user()->id]);
             }
             session()->put(['original_user_id' => $request->user()->id]);
+            $linked_accounts = Helper::getLinkedAccounts($new_user->id);
+            session()->put('linked_accounts', $linked_accounts);
+            $new_user->linked_accounts = $linked_accounts;
             $response['type'] = 'success';
             $response['token'] = \JWTAuth::fromUser($new_user);
         } catch (Exception $e) {
@@ -373,6 +381,9 @@ public function exitLoginAs()
             $new_user = User::find($original_user_id);
             session()->forget('original_user_id');
             session()->forget('admin_user_id');
+            $linked_accounts = Helper::getLinkedAccounts($new_user->id);
+            session()->put('linked_accounts', $linked_accounts);
+            $new_user->linked_accounts = $linked_accounts;
             DB::beginTransaction();
             $response['type'] = 'success';
             $response['token'] = \JWTAuth::fromUser($new_user);
@@ -455,8 +466,7 @@ public function getAuthenticatedUser(Request $request)
             return response()->json(['token_absent'], $e->getStatusCode());
 
         }
-        Log::info(\JWTAuth::parseToken()->getPayload() . "\r\n");
-        Log::info($request->all());
+
         // the token is valid and we have found the user via the sub claim
         return [\JWTAuth::parseToken()->getPayload(), $request->all()];
     }
diff --git a/app/Http/Controllers/BreadcrumbController.php b/app/Http/Controllers/BreadcrumbController.php
index 1744bca5c..fe56c469f 100644
--- a/app/Http/Controllers/BreadcrumbController.php
+++ b/app/Http/Controllers/BreadcrumbController.php
@@ -239,6 +239,7 @@ public function index(Request $request)
                             case('settings.password'):
                             case('settings.notifications'):
                             case('settings.account_customizations'):
+                            case('settings.linked_accounts'):
                                 $breadcrumbs[] = ['text' => 'Settings',
                                     'href' => "#",
                                     'active' => true];
diff --git a/app/Http/Controllers/LinkedAccountController.php b/app/Http/Controllers/LinkedAccountController.php
new file mode 100644
index 000000000..132654836
--- /dev/null
+++ b/app/Http/Controllers/LinkedAccountController.php
@@ -0,0 +1,163 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use App\Exceptions\Handler;
+use App\Helpers\Helper;
+use App\Http\Requests\AccountValidationCodeRequest;
+use App\Http\Requests\EmailLinkToAccountRequest;
+use App\LinkedAccount;
+use App\LinkToAccountValidationCode;
+use App\User;
+use Exception;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Gate;
+use Snowfire\Beautymail\Beautymail;
+
+class LinkedAccountController extends Controller
+{
+    /**
+     * @param Request $request
+     * @param User $account_to_switch_to
+     * @return array
+     */
+    public function switch(Request $request, User $account_to_switch_to): array
+    {
+
+        $response['type'] = 'error';
+        $linked_accounts = json_decode(Helper::getLinkedAccounts($request->user()->id), 1);
+        $can_switch = false;
+        foreach ($linked_accounts as $linked_account) {
+            if ($linked_account['id'] === $account_to_switch_to->id) {
+                $can_switch = true;
+            }
+        }
+        if (!$can_switch) {
+            $response['message'] = "You cannot switch to that account.";
+            return $response;
+        }
+
+        $response['type'] = 'success';
+        $response['token'] = \JWTAuth::fromUser($account_to_switch_to);
+        return $response;
+
+    }
+
+    /**
+     * @param Request $request
+     * @param LinkedAccount $linkedAccount
+     * @param User $account_to_unlink
+     * @return array
+     * @throws Exception
+     */
+    public function unlink(Request $request, LinkedAccount $linkedAccount, User $account_to_unlink): array
+    {
+
+        try {
+            $response['type'] = 'error';
+            $authorized = Gate::inspect('unlink', [$linkedAccount, $account_to_unlink]);
+            if (!$authorized->allowed()) {
+                $response['message'] = $authorized->message();
+                return $response;
+            }
+            $linkedAccount->where('user_id', $request->user()->id)
+                ->where('linked_to_user_id', $account_to_unlink->id)
+                ->delete();
+            Helper::getLinkedAccounts($request->user()->id);
+            session()->put('linked_accounts', Helper::getLinkedAccounts($request->user()->id));
+            $response['type'] = 'info';
+            $response['message'] = "$account_to_unlink->email is no longer linked.";
+        } catch (Exception $e) {
+            DB::rollback();
+            $h = new Handler(app());
+            $h->report($e);
+            $response['message'] = "We were unable to unlink your account.  Please try again or contact us for assistance.";
+        }
+        return $response;
+    }
+
+
+    /**
+     * @param AccountValidationCodeRequest $request
+     * @param LinkToAccountValidationCode $linkToAccountValidationCode
+     * @return array
+     * @throws Exception
+     */
+    public function validateCodeToLinkToAccount(AccountValidationCodeRequest $request,
+                                                LinkToAccountValidationCode  $linkToAccountValidationCode): array
+    {
+        try {
+            $response['type'] = 'error';
+            DB::beginTransaction();
+            $data = $request->validated();
+            $linked_account_validation_code = $linkToAccountValidationCode
+                ->where('validation_code', $data['validation_code'])
+                ->first();
+            $linked_account = User::where('email', $linked_account_validation_code->email)->first();
+            $linkToAccountValidationCode->where('validation_code', $data['validation_code'])->delete();
+            $linkedAccount = new LinkedAccount();
+            $linkedAccount->user_id = $request->user()->id;
+            $linkedAccount->linked_to_user_id = $linked_account->id;
+            $linkedAccount->save();
+            session()->put('linked_accounts', Helper::getLinkedAccounts($request->user()->id));
+            DB::commit();
+            $response['type'] = 'success';
+            $response['message'] = "The accounts have been linked.";
+
+        } catch (Exception $e) {
+            DB::rollback();
+            $h = new Handler(app());
+            $h->report($e);
+            $response['message'] = "We were unable to validate the code.  Please try again or contact us for assistance.";
+        }
+        return $response;
+    }
+
+
+    /**
+     * @param EmailLinkToAccountRequest $request
+     * @return array
+     * @throws Exception
+     */
+    public function emailLinkToAccountValidationCode(EmailLinkToAccountRequest $request): array
+    {
+
+        try {
+            $response['type'] = 'error';
+            $email = trim($request->email);
+            $account_to_link_to = User::where('email', $email)->first();
+            $data = $request->validated();
+            $email = $data['email'];
+            if ($account_to_link_to) {
+                if ($account_to_link_to->id === $request->user()->id) {
+                    $response['message'] = "You are trying to link to your current account.";
+                    return $response;
+                }
+                $validation_code = Helper::createAccessCode(15);
+
+                LinkToAccountValidationCode::updateOrCreate(['email' => $email], ['validation_code' => $validation_code]);
+
+                $mail_info = [
+                    'first_name' => $request->user()->first_name,
+                    'validation_code' => $validation_code
+                ];
+                $beautymail = app()->make(Beautymail::class);
+                $beautymail->send('emails.link_to_account_validation_code', $mail_info, function ($message)
+                use ($account_to_link_to) {
+                    $message->from('adapt@noreply.libretexts.org', 'ADAPT')
+                        ->to($account_to_link_to->email, $account_to_link_to->first_name . ' ' . $account_to_link_to->last_name)
+                        ->subject('Validation Code to Link Accounts');
+                });
+            }
+            $response['type'] = 'success';
+            $response['message'] = "Please check your email for a validation code.";
+        } catch (Exception $e) {
+            $h = new Handler(app());
+            $h->report($e);
+            $response['message'] = "There was an error sending the email.  Please try again or contact us for assistance.";
+        }
+        return $response;
+
+    }
+}
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 8cef0ab7a..03a8a5347 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -11,9 +11,13 @@
 use App\Extension;
 use App\ExtraCredit;
 use App\Helpers\Helper;
+use App\Http\Requests\AccountValidationCodeRequest;
 use App\Http\Requests\InviteStudentRequest;
+use App\Http\Requests\EmailLinkToAccountRequest;
 use App\Http\Requests\IsValidEmailUpdateRequest;
 use App\Http\Requests\UpdateStudentEmail;
+use App\LinkedAccount;
+use App\LinkToAccountValidationCode;
 use App\LtiGradePassback;
 use App\PendingCourseInvitation;
 use App\Score;
@@ -39,13 +43,23 @@
 
 class UserController extends Controller
 {
+
+    public function switchAccount(Request $request, User $account_to_switch_to)
+    {
+
+        dd($account_to_switch_to);
+
+
+    }
+
+
     /**
      * @param IsValidEmailUpdateRequest $request
      * @param User $user
      * @return array
      * @throws Exception
      */
-    public function updateEmail(IsValidEmailUpdateRequest $request, User $user)
+    public function updateEmail(IsValidEmailUpdateRequest $request, User $user): array
     {
         try {
             $response['type'] = 'error';
diff --git a/app/Http/Middleware/SetAppVersionHeader.php b/app/Http/Middleware/SetAppVersionHeader.php
index d317229e2..4aa51b2b1 100644
--- a/app/Http/Middleware/SetAppVersionHeader.php
+++ b/app/Http/Middleware/SetAppVersionHeader.php
@@ -22,7 +22,7 @@ public function handle($request, Closure $next)
         //$app_version = env('VAPOR_COMMIT_HASH') ? env('VAPOR_COMMIT_HASH') : '1.0';
         if(!$response instanceof StreamedResponse) {
             //https://stackoverflow.com/questions/72060913/call-to-undefined-method-symfony-component-httpfoundation-streamedresponsehead
-            $response->header('appversion', '2.61');
+            $response->header('appversion', '2.62');
         }
         return $response;
     }
diff --git a/app/Http/Requests/AccountValidationCodeRequest.php b/app/Http/Requests/AccountValidationCodeRequest.php
new file mode 100644
index 000000000..75541b805
--- /dev/null
+++ b/app/Http/Requests/AccountValidationCodeRequest.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace App\Http\Requests;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class AccountValidationCodeRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules(): array
+    {
+        return [
+            'validation_code'=>['required','exists:link_to_account_validation_codes,validation_code']
+        ];
+    }
+}
diff --git a/app/Http/Requests/EmailLinkToAccountRequest.php b/app/Http/Requests/EmailLinkToAccountRequest.php
new file mode 100644
index 000000000..c007c3f22
--- /dev/null
+++ b/app/Http/Requests/EmailLinkToAccountRequest.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Http\Requests;
+
+use App\Rules\IsValidAccountThatCanBeLinkedTo;
+use Illuminate\Foundation\Http\FormRequest;
+
+class EmailLinkToAccountRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'email'=> ['required','email', new IsValidAccountThatCanBeLinkedTo()]
+        ];
+    }
+}
diff --git a/app/LinkToAccountValidationCode.php b/app/LinkToAccountValidationCode.php
new file mode 100644
index 000000000..ecd164fa3
--- /dev/null
+++ b/app/LinkToAccountValidationCode.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Model;
+
+class LinkToAccountValidationCode extends Model
+{
+    protected $guarded = [];
+}
diff --git a/app/LinkedAccount.php b/app/LinkedAccount.php
new file mode 100644
index 000000000..0ee3f86bc
--- /dev/null
+++ b/app/LinkedAccount.php
@@ -0,0 +1,10 @@
+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Model;
+
+class LinkedAccount extends Model
+{
+    //
+}
diff --git a/app/Policies/LinkedAccountPolicy.php b/app/Policies/LinkedAccountPolicy.php
new file mode 100644
index 000000000..68e768d42
--- /dev/null
+++ b/app/Policies/LinkedAccountPolicy.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace App\Policies;
+
+use App\LinkedAccount;
+use App\User;
+use Illuminate\Auth\Access\HandlesAuthorization;
+use Illuminate\Auth\Access\Response;
+
+class LinkedAccountPolicy
+{
+    use HandlesAuthorization;
+
+
+    public function unlink(User $user, LinkedAccount  $linkedAccount, User $account_to_unlink){
+        $has_access = $linkedAccount->where('user_id', $user->id)
+            ->where('linked_to_user_id', $account_to_unlink->id)
+            ->exists();
+        return $has_access
+            ? Response::allow()
+            : Response::deny("You are not allowed to unlink that account.");
+
+    }
+}
diff --git a/app/Policies/UserPolicy.php b/app/Policies/UserPolicy.php
index 342c7e532..f90e0a62c 100644
--- a/app/Policies/UserPolicy.php
+++ b/app/Policies/UserPolicy.php
@@ -15,7 +15,6 @@ class UserPolicy
     use HandlesAuthorization;
 
     private $admins;
-
     /**
      * @param User $user
      * @return Response
diff --git a/app/Rules/IsValidAccountThatCanBeLinkedTo.php b/app/Rules/IsValidAccountThatCanBeLinkedTo.php
new file mode 100644
index 000000000..e63c49bc0
--- /dev/null
+++ b/app/Rules/IsValidAccountThatCanBeLinkedTo.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace App\Rules;
+
+use App\User;
+use Illuminate\Contracts\Validation\Rule;
+use Illuminate\Support\Facades\Auth;
+
+class IsValidAccountThatCanBeLinkedTo implements Rule
+{
+    /**
+     * @var string
+     */
+    private $message;
+
+    /**
+     * Create a new rule instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        //
+    }
+
+    /**
+     * Determine if the validation rule passes.
+     *
+     * @param string $attribute
+     * @param mixed $value
+     * @return bool
+     */
+    public function passes($attribute, $value): bool
+    {
+        $passes = true;
+        $this->message = '';
+        if (!User::where('email', $value)
+            ->where('role', 2)
+            ->whereNotIn('id', [1, 5])
+            ->exists()
+        ) {
+            $passes = false;
+            $this->message = "That is not a valid instructor account.";
+        }
+        if ($value === Auth::user()->email) {
+            $passes = false;
+            $this->message = "You cannot link to your own account.";
+        }
+        return $passes;
+    }
+
+    /**
+     * Get the validation error message.
+     *
+     * @return string
+     */
+    public function message()
+    {
+        return $this->message;
+    }
+}
diff --git a/app/User.php b/app/User.php
index 11d5d0227..082835134 100644
--- a/app/User.php
+++ b/app/User.php
@@ -19,13 +19,14 @@ class User extends Authenticatable implements JWTSubject //, MustVerifyEmail
 {
     use Notifiable;
 
+
     /**
      * The attributes that are mass assignable.
      *
      * @var array
      */
     protected $fillable = [
-        'first_name', 'last_name', 'email', 'password', 'time_zone', 'role','student_id'
+        'first_name', 'last_name', 'email', 'password', 'time_zone', 'role', 'student_id'
     ];
 
     /**
diff --git a/database/migrations/2024_10_16_164203_create_link_to_account_validation_codes_table.php b/database/migrations/2024_10_16_164203_create_link_to_account_validation_codes_table.php
new file mode 100644
index 000000000..e39ac1c5c
--- /dev/null
+++ b/database/migrations/2024_10_16_164203_create_link_to_account_validation_codes_table.php
@@ -0,0 +1,33 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateLinkToAccountValidationCodesTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('link_to_account_validation_codes', function (Blueprint $table) {
+            $table->id();
+            $table->string('email');
+            $table->string('validation_code');
+            $table->timestamps();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('link_to_account_validation_codes');
+    }
+}
diff --git a/database/migrations/2024_10_16_164329_create_linked_accounts_table.php b/database/migrations/2024_10_16_164329_create_linked_accounts_table.php
new file mode 100644
index 000000000..cc9d41539
--- /dev/null
+++ b/database/migrations/2024_10_16_164329_create_linked_accounts_table.php
@@ -0,0 +1,37 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class CreateLinkedAccountsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::create('linked_accounts', function (Blueprint $table) {
+            $table->id();
+            $table->unsignedBigInteger('user_id');
+            $table->unsignedBigInteger('linked_to_user_id');
+            $table->timestamps();
+            $table->foreign('user_id')->references('id')->on('users');
+            $table->foreign('linked_to_user_id')->references('id')->on('users');
+            $table->unique(['user_id','linked_to_user_id']);
+        });
+
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::dropIfExists('linked_accounts');
+    }
+}
diff --git a/resources/js/components/Navbar.vue b/resources/js/components/Navbar.vue
index cd69ed65b..22c4a2ff1 100644
--- a/resources/js/components/Navbar.vue
+++ b/resources/js/components/Navbar.vue
@@ -3,11 +3,32 @@
     <div v-show="false" id="support-widget-container"
          style="position: fixed; z-index: 9999; display: inline-flex; bottom: 0; right: 5px;"
     />
+    <b-modal id="modal-switched-account"
+             title="Success!"
+             @hidden="loadCoursesPage"
+    >
+      <p>You are now logged in as <strong>{{ accountToSwitchTo.email }}</strong>.</p>
+      <template #modal-footer>
+        <b-button
+          size="sm"
+          variant="primary"
+          class="float-right"
+          @click="$bvModal.hide('modal-switched-account')"
+        >
+          OK
+        </b-button>
+      </template>
+    </b-modal>
     <Email id="contact-us-modal" ref="email"
            extra-email-modal-text="Please use this form to contact us regarding general questions or issues.  If you have a course specific question, please contact your instructor using your own email client."
            :from-user="user" title="Contact Us" type="contact_us" subject="General Inquiry"
     />
     <div v-if="showNavBar" id="navbar">
+      <b-modal id="modal-switch-account"
+               title="Switch Account"
+      >
+        {{ linkedAccounts }}
+      </b-modal>
       <b-navbar toggleable="lg">
         <LibreOne size="sm" class="m-1"/>
 
@@ -120,7 +141,7 @@
                     :items="breadcrumbs"
                     style="padding-bottom:0 !important; margin-bottom:0 !important"
                     :style="breadcrumbs.length === 1 && breadcrumbs[0].active ?
-      'padding-top:.3em;padding-bottom:.3em !important; margin-bottom:0 !important' : 'padding-top:.3em;padding-bottom:0 !important; margin-bottom:0 !important'"
+                      'padding-top:.3em;padding-bottom:.3em !important; margin-bottom:0 !important' : 'padding-top:.3em;padding-bottom:0 !important; margin-bottom:0 !important'"
       />
       <b-navbar-nav class="ml-auto mt-0 mb-0 d-flex flex-row">
         <b-nav-item-dropdown
@@ -143,6 +164,29 @@
           </b-dropdown-item>
         </b-nav-item-dropdown>
       </b-navbar-nav>
+      <b-nav-item-dropdown v-if="user && user.role === 2 && linkedAccounts.length" right>
+        <template v-slot:button-content>
+          <span v-b-tooltip.hover="{ delay: { show: 500, hide: 0 } }"
+                :title="`You are currently logged in with the email address: ${user.email}`"
+          >
+            <b-icon-person-circle/>
+          </span>
+        </template>
+
+        <!-- Dropdown listing linked accounts -->
+        <b-dropdown-item
+          v-for="linkedAccount in linkedAccounts"
+          :key="`linked-account-${linkedAccount.id}`"
+          :disabled="linkedAccount.id === user.id"
+          @click="switchAccount(linkedAccount)"
+        >
+          <!-- Conditionally show the current account as muted -->
+          <span :class="linkedAccount.id === user.id ? 'text-muted' : ''">
+            {{ linkedAccount.email }}
+            <span v-if="linkedAccount.id === user.id">(Current)</span> <!-- Label for current account -->
+          </span>
+        </b-dropdown-item>
+      </b-nav-item-dropdown>
     </b-nav>
   </div>
 </template>
@@ -163,7 +207,14 @@ export default {
     Email,
     ToggleButton
   },
+  props: {
+    linkedAccounts: {
+      type: Array,
+      default: () => {}
+    }
+  },
   data: () => ({
+    accountToSwitchTo: {},
     toggleInstructorStudentViewRouteNames: toggleInstructorStudentViewRouteNames,
     toggleColors: window.config.toggleColors,
     isAnonymousUser: false,
@@ -257,6 +308,33 @@ export default {
     document.head.appendChild(widgetScript)
   },
   methods: {
+    loadCoursesPage () {
+      window.location.replace('/instructors/courses')
+    },
+    async switchAccount (accountToSwitchTo) {
+      this.accountToSwitchTo = accountToSwitchTo
+      try {
+        const { data } = await axios.patch(`/api/linked-account/switch/${accountToSwitchTo.id}`)
+        if (data.type === 'success') {
+          await this.$store.dispatch('auth/saveToken', {
+            token: data.token,
+            remember: this.remember
+          })
+          await this.$store.dispatch('auth/fetchUser')
+          // Redirect to the correct home page
+          Object.keys(localStorage).forEach((key) => {
+            if (key !== ('appversion')) {
+              delete localStorage[key]
+            }
+          })
+          this.$bvModal.show('modal-switched-account')
+        } else {
+          this.$noty.error(data.message)
+        }
+      } catch (error) {
+        this.$noty.error(error.message)
+      }
+    },
     contactUsWidget () {
       document.getElementById('supportButton').click()
     },
diff --git a/resources/js/layouts/default.vue b/resources/js/layouts/default.vue
index 8cfde9bd2..49e224b8f 100644
--- a/resources/js/layouts/default.vue
+++ b/resources/js/layouts/default.vue
@@ -10,7 +10,7 @@
       </b-alert>
     </div>
     <div v-if="!inIFrame">
-      <navbar/>
+      <navbar :linked-accounts="linkedAccounts"/>
     </div>
     <div v-else id="default-padding-top" style="padding-top:30px"/>
     <div id="main-content" role="main" :class="{ 'container': true, 'mt-4': true }" tabindex="-1">
@@ -69,7 +69,8 @@
                 The LibreTexts ADAPT platform is supported by the Department of Education Open Textbook Pilot Project
                 and the
                 <a href="https://opr.ca.gov/learninglab/">California Education Learning Lab</a>. Have questions or
-                comments? For more information please <a href="" @click.prevent="contactUsWidget()">contact us by email</a>.
+                comments? For more information please <a href="" @click.prevent="contactUsWidget()">contact us by
+                email</a>.
               </p>
               <p>
                 For quick navigation, you can use our <a href="" @click.prevent="getSitemapURL()">sitemap</a>. In
@@ -80,7 +81,7 @@
                   target="_blank"
                 >
                   accessibility</a> and our <a href="https://chem.libretexts.org/Sandboxes/admin/FERPA_Statement"
-                                             target="_blank"
+                                               target="_blank"
               >FERPA statement</a>. And you can also
                 view our <a href="https://libretexts.org/legal/index.html" target="_blank">Terms And Conditions</a>
                 should you
@@ -130,6 +131,7 @@ import Navbar from '~/components/Navbar'
 import { mapGetters } from 'vuex'
 import Email from '~/components/Email'
 import Child from '../components/Child.vue'
+import linked_accounts from '../pages/settings/linked_accounts.vue'
 
 export default {
   name: 'MainLayout',
@@ -139,6 +141,7 @@ export default {
     Email
   },
   data: () => ({
+    linkedAccounts: [],
     intervalId: null,
     showFooter: true,
     skipToContent: '',
@@ -172,6 +175,14 @@ export default {
     }
   },
   mounted () {
+    this.$nextTick(() => {
+      this.linkedAccounts = this.user ? JSON.parse(this.user.linked_accounts) : []
+      if (this.linkedAccounts.length) {
+        this.linkedAccounts = this.linkedAccounts.sort((a, b) => {
+          return a.id === this.user.id ? -1 : b.id === this.user.id ? 1 : 0
+        })
+      }
+    })
 
     if (!this.inIFrame && !this.isLearningTreesEditor) {
       document.getElementById('main-content').style.minHeight = (window.screen.height - 430) + 'px'
@@ -198,7 +209,7 @@ export default {
     }
   },
   methods: {
-    checkQuestionViewDisplay() {
+    checkQuestionViewDisplay () {
       const questionViewDisplay = document.getElementById('questions-loaded')
       if (questionViewDisplay) {
         this.showFooter = true
diff --git a/resources/js/pages/settings/index.vue b/resources/js/pages/settings/index.vue
index c2ae22970..c0dbb4311 100644
--- a/resources/js/pages/settings/index.vue
+++ b/resources/js/pages/settings/index.vue
@@ -41,7 +41,8 @@ export default {
       user: 'auth/user'
     }),
     tabs () {
-      return [
+      let tabs
+      tabs = [
         {
           name: this.$t('profile'),
           route: 'settings.profile'
@@ -51,6 +52,10 @@ export default {
           route: 'settings.password'
         }
       ]
+      if (this.user && this.user.role !== 3) {
+        tabs.push({ name: 'Linked Accounts', route: 'settings.linked_accounts' })
+      }
+      return tabs
     }
   }
 }
diff --git a/resources/js/pages/settings/linked_accounts.vue b/resources/js/pages/settings/linked_accounts.vue
new file mode 100644
index 000000000..56ec35bc5
--- /dev/null
+++ b/resources/js/pages/settings/linked_accounts.vue
@@ -0,0 +1,285 @@
+<template>
+  <div>
+    <AllFormErrors :all-form-errors="allFormErrors" :modal-id="'modal-form-link-accounts'" />
+    <b-modal id="modal-no-longer-linked"
+             title="No longer linked"
+             @hidden="reloadPage"
+    >
+      Your accounts are no longer linked.
+      <template #modal-footer>
+        <b-button
+          size="sm"
+          class="float-right"
+          @click="reloadPage"
+        >
+          OK
+        </b-button>
+      </template>
+    </b-modal>
+    <b-modal id="modal-confirm-unlink-account"
+             title="Unlink Account"
+    >
+      <p>Please confirm that you would like to unlink your account from:</p>
+      <p class="text-center font-weight-bold">
+        {{ accountToUnlink.email }}
+      </p>
+      <template #modal-footer>
+        <b-button
+          size="sm"
+          class="float-right"
+          @click="$bvModal.hide('modal-confirm-unlink-account')"
+        >
+          Cancel
+        </b-button>
+        <b-button
+          size="sm"
+          variant="danger"
+          class="float-right"
+          @click="unlinkAccount()"
+        >
+          Unlink
+        </b-button>
+      </template>
+    </b-modal>
+    <b-modal id="modal-your-accounts-have-been-linked"
+             title="Success!"
+             size="lg"
+             no-close-on-backdrop
+             no-close-on-esc
+             @hidden="reloadPage"
+    >
+      Your accounts have been linked. You will be able to switch back and forth between your accounts by using the
+      dropdown in
+      the upper right-hand corner of the page.
+      <template #modal-footer>
+        <b-button
+          size="sm"
+          class="float-right"
+          @click="$bvModal.hide('modal-your-accounts-have-been-linked')"
+        >
+          OK
+        </b-button>
+      </template>
+    </b-modal>
+    <b-modal id="modal-validate-code"
+             title="Validate Code"
+    >
+      <p>
+        Please enter the validation code sent to your other ADAPT email account. If you didn't receive a code, we can
+        always
+        <a href="" @click.prevent="emailLinkToAccountCode(true)">resend it</a>.
+      </p>
+      <b-form-group
+        label-cols-sm="5"
+        label-cols-lg="4"
+        label="Validation Code*"
+        label-for="validation_code"
+      >
+        <b-form-input
+          id="validation_code"
+          v-model="validateCodeForm.validation_code"
+          required
+          type="text"
+          :class="{ 'is-invalid': validateCodeForm.errors.has('validation_code') }"
+          @keydown="validateCodeForm.errors.clear('validation_code')"
+        />
+        <has-error :form="validateCodeForm" field="validation_code" />
+      </b-form-group>
+      <template #modal-footer>
+        <b-button
+          size="sm"
+          class="float-right"
+          @click="$bvModal.hide('modal-form-link-accounts')"
+        >
+          Cancel
+        </b-button>
+
+        <b-button
+          variant="primary"
+          size="sm"
+          class="float-right"
+          @click="validateCode()"
+        >
+          Validate
+        </b-button>
+      </template>
+    </b-modal>
+    <div class="mt-3">
+      <div v-if="isMainAccount() || !linkedAccounts.length">
+        <b-card header-html="<h2 class=&quot;h7&quot;>Link Accounts</h2>">
+          <p>
+            You can link multiple ADAPT instructor accounts together so that you can easily switch between your
+            accounts.
+            This account will
+            serve as the main account
+            so that additional linked accounts should be added here.
+          </p>
+          <b-form-group
+            label-cols-sm="2"
+            label-cols-lg="1"
+            label="Email*"
+            label-for="email"
+          >
+            <b-form-input
+              id="account_to_link_to"
+              v-model="accountToLinkToForm.email"
+              required
+              placeholder="Email address of your other ADAPT instructor account"
+              type="text"
+              :class="{ 'is-invalid': accountToLinkToForm.errors.has('email') }"
+              @keydown="accountToLinkToForm.errors.clear('email')"
+            />
+            <has-error :form="accountToLinkToForm" field="email" />
+          </b-form-group>
+          <b-button
+            variant="primary"
+            size="sm"
+            class="float-right"
+            @click="emailLinkToAccountCode()"
+          >
+            Send Code
+          </b-button>
+        </b-card>
+        <div class="mt-3">
+          <b-card header-html="<h2 class=&quot;h7&quot;>Unlink Account</h2>">
+            <b-alert variant="info" :show="!linkedAccounts.length">
+              You currently have no linked accounts.
+            </b-alert>
+            <div v-if="linkedAccounts.length" class="mb-3">
+              Unlinking an account will only remove the connection between them. No other information will
+              be
+              removed
+              from our system.
+            </div>
+            <div v-for="linkedAccount in linkedAccounts"
+                 :key="`linked-account-${linkedAccount.id}`"
+                 class="mb-2"
+            >
+              <span v-if="linkedAccount.id !== user.id">{{ linkedAccount.email }}
+                <b-button variant="danger"
+                          size="sm"
+                          @click="initUnlinkAccount(linkedAccount)"
+                >
+                  Unlink Account
+                </b-button>
+              </span>
+            </div>
+          </b-card>
+        </div>
+      </div>
+      <div v-if="!isMainAccount() && linkedAccounts.length">
+        <b-alert show variant="info">
+          Your are currently signed into a linked account. If you would like to adjust which accounts are linked, please switch
+          to the main account:
+          <strong>{{ linkedAccounts.find(item => item.main_account).email }}</strong>.
+        </b-alert>
+      </div>
+    </div>
+  </div>
+</template>
+
+<script>
+import AllFormErrors from '~/components/AllFormErrors'
+import { fixInvalid } from '~/helpers/accessibility/FixInvalid'
+import { mapGetters } from 'vuex'
+import axios from 'axios'
+import Form from 'vform'
+
+export default {
+  scrollToTop: false,
+  components: { AllFormErrors },
+  metaInfo () {
+    return { title: 'Settings - Linked Accounts' }
+  },
+  data: () => ({
+    accountToUnlink: {},
+    linkedAccounts: [],
+    allFormErrors: [],
+    accountToLinkToForm: new Form({
+      email: ''
+    }),
+    validateCodeForm: new Form({
+      validation_code: ''
+    })
+  }),
+  computed: mapGetters({
+    authenticated: 'auth/check',
+    user: 'auth/user'
+  }),
+  mounted () {
+    this.linkedAccounts = JSON.parse(this.user.linked_accounts)
+    if (!this.linkedAccounts) {
+      this.linkedAccounts = []
+    }
+  },
+  methods: {
+    isMainAccount () {
+      return this.linkedAccounts.length && this.linkedAccounts.find(item => item.id === this.user.id).main_account
+    },
+    initUnlinkAccount (accountToUnlink) {
+      this.accountToUnlink = accountToUnlink
+      this.$bvModal.show('modal-confirm-unlink-account')
+    },
+    async unlinkAccount () {
+      try {
+        const { data } = await axios.patch(`/api/linked-account/unlink/${this.accountToUnlink.id}`)
+
+        if (data.type === 'info') {
+          this.$bvModal.hide('modal-confirm-unlink-account')
+          this.$bvModal.show('modal-no-longer-linked')
+        } else {
+          this.$noty.error(data.message)
+        }
+      } catch (error) {
+        if (!error.message.includes('status code 422')) {
+          this.$noty.error(error.message)
+        } else {
+          this.$nextTick(() => fixInvalid())
+          this.allFormErrors = this.accountToLinkToForm.errors.flatten()
+          this.$bvModal.show('modal-form-link-accounts')
+        }
+      }
+    },
+    async reloadPage () {
+      location.reload()
+    },
+    async validateCode () {
+      try {
+        const { data } = await this.validateCodeForm.patch('/api/linked-account/validate-code')
+        if (data.type === 'success') {
+          this.$bvModal.show('modal-your-accounts-have-been-linked')
+        } else {
+          this.$noty.error(data.message)
+        }
+      } catch (error) {
+        if (!error.message.includes('status code 422')) {
+          this.$noty.error(error.message)
+        } else {
+          this.$nextTick(() => fixInvalid())
+          this.allFormErrors = this.accountToLinkToForm.errors.flatten()
+        }
+      }
+    },
+    async emailLinkToAccountCode (resent = false) {
+      try {
+        const { data } = await this.accountToLinkToForm.patch('/api/linked-account/email-validation-code')
+        if (data.type === 'success') {
+          this.$bvModal.show('modal-validate-code')
+          if (resent) {
+            this.$noty.info('A new code has been sent.')
+          }
+        } else {
+          this.$noty.error(data.message)
+        }
+      } catch (error) {
+        if (!error.message.includes('status code 422')) {
+          this.$noty.error(error.message)
+        } else {
+          this.$nextTick(() => fixInvalid())
+          this.allFormErrors = this.accountToLinkToForm.errors.flatten()
+        }
+      }
+    }
+  }
+}
+</script>
diff --git a/resources/js/router/routes.js b/resources/js/router/routes.js
index ff6d51c3d..4871a4c8b 100644
--- a/resources/js/router/routes.js
+++ b/resources/js/router/routes.js
@@ -306,7 +306,8 @@ let general_paths = [
       { path: '', redirect: { name: 'settings.profile' } },
       { path: 'profile', name: 'settings.profile', component: page('settings/profile.vue') },
       { path: 'password', name: 'settings.password', component: page('settings/password.vue') },
-      { path: 'notifications', name: 'settings.notifications', component: page('settings/notifications.vue')}
+      { path: 'notifications', name: 'settings.notifications', component: page('settings/notifications.vue')},
+      { path: 'linked-accounts', name: 'settings.linked_accounts', component: page('settings/linked_accounts.vue')}
     ]
   },
   {
diff --git a/resources/views/emails/link_to_account_validation_code.blade.php b/resources/views/emails/link_to_account_validation_code.blade.php
new file mode 100644
index 000000000..20266466d
--- /dev/null
+++ b/resources/views/emails/link_to_account_validation_code.blade.php
@@ -0,0 +1,22 @@
+@extends('beautymail::templates.sunny')
+
+@section('content')
+
+  @include ('beautymail::templates.sunny.heading' , [
+      'heading' => 'Validation code to Link Accounts',
+      'level' => 'h1',
+  ])
+
+  @include('beautymail::templates.sunny.contentStart')
+  <p>Hi {{$first_name}},</p>
+  <p>
+    Please use the following validation code to link your two accounts: <strong>{{$validation_code}}</strong>.
+    This code will expire 10 minutes.
+  </p>
+  <p>If you did not make this request, please contact us.</p>
+  <p>-ADAPT Support</p>
+  @include('beautymail::templates.sunny.contentEnd')
+
+  @include('beautymail::templates.sunny.contentEnd')
+
+@stop
diff --git a/routes/api.php b/routes/api.php
index 8781203dd..1e8de116b 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -151,9 +151,16 @@
     Route::patch('/user/email', 'UserController@updateEmail');
     Route::patch('/user/get-user-info-by-email', 'UserController@getUserInfoByEmail');
 
+
+    Route::patch('/linked-account/email-validation-code', 'LinkedAccountController@emailLinkToAccountValidationCode');
+    Route::patch('/linked-account/validate-code', 'LinkedAccountController@validateCodeToLinkToAccount');
+    Route::patch('/linked-account/switch/{account_to_switch_to}', 'LinkedAccountController@switch');
+    Route::patch('/linked-account/unlink/{account_to_unlink}', 'LinkedAccountController@unlink');
+
     Route::post('/user/exit-login-as', 'Auth\UserController@exitLoginAs');
     Route::post('/user/login-as-student-in-course', 'Auth\UserController@loginAsStudentInCourse');
 
+
     Route::get('/user/get-session', 'Auth\UserController@getSession');
     Route::post('/user/instructors-with-public-courses', 'UserController@getInstructorsWithPublicCourses');
     Route::get('/user/question-editors', 'UserController@getAllQuestionEditors');
diff --git a/tests/Feature/LinkedAccountsTest.php b/tests/Feature/LinkedAccountsTest.php
new file mode 100644
index 000000000..b7eb2cb9a
--- /dev/null
+++ b/tests/Feature/LinkedAccountsTest.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Foundation\Testing\WithFaker;
+use Tests\TestCase;
+
+class LinkedAccountsTest extends TestCase
+{
+
+    public function setup(): void
+    {
+
+        parent::setUp();
+        $this->user = factory(User::class)->create(['role' => 2]);//not admin
+        /*
+            Route::patch('/linked-account/validate-code', 'LinkedAccountController@validateCodeToLinkToAccount');
+            Route::patch('/linked-account/switch/{account_to_switch_to}', 'LinkedAccountController@switch');
+            Route::patch('/linked-account/unlink/{account_to_unlink}', 'LinkedAccountController@unlink');*/
+    }
+
+    /** @test */
+    public function cannot_link_to_own_account()
+    {
+        $this->actingAs($this->user)
+            ->patchJson("/api/linked-account/email-validation-code", ['email' => $this->user->email])
+            ->assertJsonValidationErrors('email');
+    }
+
+    /** @test */
+    public function cannot_link_to_non_instructor_account()
+    {
+        $student_user = factory(User::class)->create(['role' => 3]);
+        $this->actingAs($this->user)
+            ->patchJson("/api/linked-account/email-validation-code", ['email' => $student_user])
+            ->assertJsonValidationErrors('email');
+
+    }
+
+    /** @test */
+    public function cannot_link_to_admin_account()
+    {
+        $admin_user = factory(User::class)->create(['role' => 5]);
+        $this->actingAs($this->user)
+            ->patchJson("/api/linked-account/email-validation-code", ['email' => $admin_user->email])
+            ->assertJsonValidationErrors('email');
+
+    }
+
+    /** @test */
+    public function must_be_correct_validation_code()
+    {
+        $this->actingAs($this->user)
+            ->patchJson("/api/linked-account/validate-code", ['validation_code' => 'code does not exist'])
+            ->assertJsonValidationErrors('validation_code');
+    }
+
+    /** @test */
+    public function cannot_switch_to_invalid_account()
+    {
+        $user_2 = factory(User::class)->create();
+        $this->actingAs($this->user)
+            ->patchJson("/api/linked-account/switch/$user_2->id")
+            ->assertJson(['message' => 'You cannot switch to that account.']);
+    }
+
+    /** @test */
+    public function cannot_unlink_from_account_you_are_not_linked_to()
+    {
+        $user_2 = factory(User::class)->create();
+        $this->actingAs($this->user)
+            ->patchJson("/api/linked-account/unlink/$user_2->id")
+            ->assertJson(['message' => 'You are not allowed to unlink that account.']);
+    }
+
+
+}