aboutsummaryrefslogtreecommitdiffstats
path: root/models
diff options
context:
space:
mode:
authorAlexander Shimchik <alexsh42@gmail.com>2022-09-29 15:36:29 +0300
committerGitHub <noreply@github.com>2022-09-29 14:36:29 +0200
commit1d3095b71849d7084a26638af831e284d942cb43 (patch)
tree7c8d95e815c2aab7b2d9949c53bf6bfeed30554d /models
parentb7309b8ccb16f6303ae300b755baef9f9713d457 (diff)
downloadgitea-1d3095b71849d7084a26638af831e284d942cb43.tar.gz
gitea-1d3095b71849d7084a26638af831e284d942cb43.zip
Check if email is used when updating user (#21289)
Fix #21075 When updating user data should check if email is used by other users
Diffstat (limited to 'models')
-rw-r--r--models/user/user.go17
-rw-r--r--models/user/user_test.go16
2 files changed, 27 insertions, 6 deletions
diff --git a/models/user/user.go b/models/user/user.go
index 32484a487f..a3c10c2492 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -893,14 +893,19 @@ func UpdateUser(ctx context.Context, u *User, changePrimaryEmail bool, cols ...s
if err != nil {
return err
}
- if !has {
- // 1. Update old primary email
- if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{
- IsPrimary: false,
- }); err != nil {
- return err
+ if has && emailAddress.UID != u.ID {
+ return ErrEmailAlreadyUsed{
+ Email: u.Email,
}
+ }
+ // 1. Update old primary email
+ if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{
+ IsPrimary: false,
+ }); err != nil {
+ return err
+ }
+ if !has {
emailAddress.Email = u.Email
emailAddress.UID = u.ID
emailAddress.IsActivated = true
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 848c978a9b..678d6c186c 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -302,10 +302,26 @@ func TestUpdateUser(t *testing.T) {
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
assert.True(t, user.KeepActivityPrivate)
+ newEmail := "new_" + user.Email
+ user.Email = newEmail
+ assert.NoError(t, user_model.UpdateUser(db.DefaultContext, user, true))
+ user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+ assert.Equal(t, newEmail, user.Email)
+
user.Email = "no mail@mail.org"
assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, true))
}
+func TestUpdateUserEmailAlreadyUsed(t *testing.T) {
+ assert.NoError(t, unittest.PrepareTestDatabase())
+ user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+ user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
+
+ user2.Email = user3.Email
+ err := user_model.UpdateUser(db.DefaultContext, user2, true)
+ assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
+}
+
func TestNewUserRedirect(t *testing.T) {
// redirect to a completely new name
assert.NoError(t, unittest.PrepareTestDatabase())