Restrict email address validation (#17688)

This didn't follow the RFC but it's a subset of that. I think we should narrow the allowed chars at first and discuss more possibility in future PRs.
author: Lunny Xiao <xiaolunwen@gmail.com> 2022-03-15 01:39:54 +0800
committer: GitHub <noreply@github.com> 2022-03-14 18:39:54 +0100
commit: 18033f49ba8f00695dd9f885360664a383610df1 (patch)
tree: df3c1f1738353a7fffc4ac7b9e6c48e3af231b9c /models/user/user.go
parent: 49db87a035a28cd8eaa4abdd5832f952ca6449d9 (diff)
download: gitea-18033f49ba8f00695dd9f885360664a383610df1.tar.gz
gitea-18033f49ba8f00695dd9f885360664a383610df1.zip
1 files changed, 9 insertions, 5 deletions
diff --git a/models/user/user.go b/models/user/user.go
index 3eabf4808c..a3094a13ce 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -644,6 +644,15 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
 		u.Visibility = overwriteDefault[0].Visibility
 	}
 
+	// validate data
+	if err := validateUser(u); err != nil {
+		return err
+	}
+
+	if err := ValidateEmail(u.Email); err != nil {
+		return err
+	}
+
 	ctx, committer, err := db.TxContext()
 	if err != nil {
 		return err
@@ -652,11 +661,6 @@ func CreateUser(u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err e
 
 	sess := db.GetEngine(ctx)
 
-	// validate data
-	if err := validateUser(u); err != nil {
-		return err
-	}
-
 	isExist, err := isUserExist(sess, 0, u.Name)
 	if err != nil {
 		return err
author	Lunny Xiao <xiaolunwen@gmail.com>	2022-03-15 01:39:54 +0800
committer	GitHub <noreply@github.com>	2022-03-14 18:39:54 +0100
commit	18033f49ba8f00695dd9f885360664a383610df1 (patch)
tree	df3c1f1738353a7fffc4ac7b9e6c48e3af231b9c /models/user/user.go
parent	49db87a035a28cd8eaa4abdd5832f952ca6449d9 (diff)
download	gitea-18033f49ba8f00695dd9f885360664a383610df1.tar.gz gitea-18033f49ba8f00695dd9f885360664a383610df1.zip