author | 6543 <6543@obermui.de> | 2020-11-22 18:31:35 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-22 12:31:35 -0500 |
commit | 33431fcbd3e5c4a6c6bf18db3339ae331efdf3f4 (patch) | |
tree | c4703e6e80ea369826e4eb72d079f23610143f9b /models/user.go | |
parent | f2a3a9117ead84e644777e9dd77411382d17ee04 (diff) | |
Validate email before inserting/updating (#13475) (#13666)
* Add email validity check (#13475)
* Improve error feedback for duplicate deploy keys
Instead of a generic HTTP 500 error page, a flash message is rendered
with the deploy key page template to inform the user that a key with the
intended title already exists.
* API returns 422 error when key with name exists
* Add email validity checking
Add email validity checking for the following routes:
[Web interface]
1. User registration
2. User creation by admin
3. Adding an email through user settings
[API]
1. POST /admin/users
2. PATCH /admin/users/:username
3. POST /user/emails
* Add further tests
* Add signup email tests
* Add email validity check for linking existing account
* Address PR comments
* Remove unneeded DB session
* Move email check to updateUser
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* skip email validation on empty string (#13627)
- move validation into its own function
- use a session for UpdateUserSetting
* rm TODO for backport
Co-authored-by: Chris Shyi <chrisshyi13@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'models/user.go')
-rw-r--r-- | models/user.go | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/models/user.go b/models/user.go
index 1ab417115f..b2abdca964 100644
--- a/models/user.go
+++ b/models/user.go
@@ -821,6 +821,10 @@ func CreateUser(u *User) (err error) {
 return ErrEmailAlreadyUsed{u.Email}
 }
 
+ if err = ValidateEmail(u.Email); err != nil {
+ return err
+ }
+
 isExist, err = isEmailUsed(sess, u.Email)
 if err != nil {
 return err
@@ -963,8 +967,12 @@ func checkDupEmail(e Engine, u *User) error {
 return nil
 }
 
-func updateUser(e Engine, u *User) error {
- _, err := e.ID(u.ID).AllCols().Update(u)
+func updateUser(e Engine, u *User) (err error) {
+ u.Email = strings.ToLower(u.Email)
+ if err = ValidateEmail(u.Email); err != nil {
+ return err
+ }
+ _, err = e.ID(u.ID).AllCols().Update(u)
 return err
 }
 
@@ -984,13 +992,21 @@ func updateUserCols(e Engine, u *User, cols ...string) error {
 }
 
 // UpdateUserSetting updates user's settings.
-func UpdateUserSetting(u *User) error {
+func UpdateUserSetting(u *User) (err error) {
+ sess := x.NewSession()
+ defer sess.Close()
+ if err = sess.Begin(); err != nil {
+ return err
+ }
 if !u.IsOrganization() {
- if err := checkDupEmail(x, u); err != nil {
+ if err = checkDupEmail(sess, u); err != nil {
 return err
 }
 }
- return updateUser(x, u)
+ if err = updateUser(sess, u); err != nil {
+ return err
+ }
+ return sess.Commit()
 }
 
 // deleteBeans deletes all given beans, beans should contain delete conditions. |
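Review bot: In the CreateUser hunk the new `ValidateEmail(u.Email)` guard runs only after a branch that already returns `ErrEmailAlreadyUsed{u.Email}`, so an address that fails validation appears to reach an earlier uniqueness check first. Moving `if err = ValidateEmail(u.Email); err != nil { return err }` ahead of that check would reject malformed input before any lookup uses it, and the caller would get the format error instead of a uniqueness error. CreateUser starts and ends outside the hunk, so the earlier check is inferred from the context lines and should be confirmed against the full function.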
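Review bot: `u.Email = strings.ToLower(u.Email)` in updateUser normalizes the address only at write time, after callers have already run their duplicate check. In the UpdateUserSetting hunk, `checkDupEmail(sess, u)` runs before `updateUser(sess, u)`, so the uniqueness test sees the caller's original casing while the stored value is lowercased. Whether a case variant of an existing address slips through then depends on how checkDupEmail compares, which is not visible here. Normalizing before the check, for example `u.Email = strings.ToLower(u.Email)` at the top of UpdateUserSetting or inside checkDupEmail, keeps the checked and stored values identical. updateUserCols is untouched by this commit, so if any caller passes the email column through it, that path would skip ValidateEmail; its body is outside the hunk and this should be verified.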
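Review bot: The doc comment on UpdateUserSetting still reads "updates user's settings." although the function now opens a session, runs the duplicate check and the update in one transaction, and (through updateUser) lowercases `u.Email` and can fail on ValidateEmail. A comment such as `// UpdateUserSetting updates the user's settings in one transaction; it lowercases u.Email and returns ValidateEmail's error when the address is rejected.` would tell callers that their struct is mutated and that a new error can come back. As a style point, the named result `(err error)` is not read by any defer here, so a plain `error` result with a local `err` would also work.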