Check if email is used when updating user (#21289)

Fix #21075 When updating user data should check if email is used by other users
author: Alexander Shimchik <alexsh42@gmail.com> 2022-09-29 15:36:29 +0300
committer: GitHub <noreply@github.com> 2022-09-29 14:36:29 +0200
commit: 1d3095b71849d7084a26638af831e284d942cb43 (patch)
tree: 7c8d95e815c2aab7b2d9949c53bf6bfeed30554d
parent: b7309b8ccb16f6303ae300b755baef9f9713d457 (diff)
download: gitea-1d3095b71849d7084a26638af831e284d942cb43.tar.gz
gitea-1d3095b71849d7084a26638af831e284d942cb43.zip
2 files changed, 27 insertions, 6 deletions
diff --git a/models/user/user.go b/models/user/user.go
index 32484a487f..a3c10c2492 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -893,14 +893,19 @@ func UpdateUser(ctx context.Context, u *User, changePrimaryEmail bool, cols ...s
 		if err != nil {
 			return err
 		}
-		if !has {
-			// 1. Update old primary email
-			if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{
-				IsPrimary: false,
-			}); err != nil {
-				return err
+		if has && emailAddress.UID != u.ID {
+			return ErrEmailAlreadyUsed{
+				Email: u.Email,
 			}
+		}
+		// 1. Update old primary email
+		if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{
+			IsPrimary: false,
+		}); err != nil {
+			return err
+		}
 
+		if !has {
 			emailAddress.Email = u.Email
 			emailAddress.UID = u.ID
 			emailAddress.IsActivated = true
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 848c978a9b..678d6c186c 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -302,10 +302,26 @@ func TestUpdateUser(t *testing.T) {
 	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	assert.True(t, user.KeepActivityPrivate)
 
+	newEmail := "new_" + user.Email
+	user.Email = newEmail
+	assert.NoError(t, user_model.UpdateUser(db.DefaultContext, user, true))
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	assert.Equal(t, newEmail, user.Email)
+
 	user.Email = "no mail@mail.org"
 	assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, true))
 }
 
+func TestUpdateUserEmailAlreadyUsed(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
+
+	user2.Email = user3.Email
+	err := user_model.UpdateUser(db.DefaultContext, user2, true)
+	assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
+}
+
 func TestNewUserRedirect(t *testing.T) {
 	// redirect to a completely new name
 	assert.NoError(t, unittest.PrepareTestDatabase())
author	Alexander Shimchik <alexsh42@gmail.com>	2022-09-29 15:36:29 +0300
committer	GitHub <noreply@github.com>	2022-09-29 14:36:29 +0200
commit	1d3095b71849d7084a26638af831e284d942cb43 (patch)
tree	7c8d95e815c2aab7b2d9949c53bf6bfeed30554d
parent	b7309b8ccb16f6303ae300b755baef9f9713d457 (diff)
download	gitea-1d3095b71849d7084a26638af831e284d942cb43.tar.gz gitea-1d3095b71849d7084a26638af831e284d942cb43.zip