check that the looked up code is of right event

code/moya-beans/ejbModule/fi/codecrew/moya/beans/UserBean.java

@@ -1140,7 +1140,16 @@ public class UserBean implements UserBeanLocal {
 
 	@Override
 	public EventUser findUserByCodeToken(String code) {
-		return eventUserFacade.findByTokenCode(code);
+		EventUser eventUser = eventUserFacade.findByTokenCode(code);
+
+		// Event mismatch?
+		Integer eventId = eventUser.getEvent().getId();
+		Integer currentEventId = eventBean.getCurrentEvent().getId();
+		if (eventId != currentEventId) {
+			throw new IllegalStateException("Looked up code " + code + " and got EventUser " + eventUser.getId() + " from event " + eventId + " which is not the current event " + currentEventId);
+		}
+
+		return eventUser;
 	}
 
 	@PermitAll