Fix database inconsistent when admin change user email (#17549)

4 files changed, 24 insertions, 6 deletions

diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index e50abb5937..b93c628072 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"strings"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
@@ -203,12 +204,21 @@ func EditUser(ctx *context.APIContext) {
 	if form.FullName != nil {
 		u.FullName = *form.FullName
 	}
+	var emailChanged bool
 	if form.Email != nil {
-		u.Email = *form.Email
-		if len(u.Email) == 0 {
+		email := strings.TrimSpace(*form.Email)
+		if len(email) == 0 {
 			ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("email is not allowed to be empty string"))
 			return
 		}
+
+		if err := user_model.ValidateEmail(email); err != nil {
+			ctx.InternalServerError(err)
+			return
+		}
+
+		emailChanged = !strings.EqualFold(u.Email, email)
+		u.Email = email
 	}
 	if form.Website != nil {
 		u.Website = *form.Website
@@ -247,7 +257,7 @@ func EditUser(ctx *context.APIContext) {
 		u.IsRestricted = *form.Restricted
 	}
 
-	if err := user_model.UpdateUser(u); err != nil {
+	if err := user_model.UpdateUser(u, emailChanged); err != nil {
 		if user_model.IsErrEmailAlreadyUsed(err) || user_model.IsErrEmailInvalid(err) {
 			ctx.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
diff --git a/routers/api/v1/user/settings.go b/routers/api/v1/user/settings.go
index 40bee56681..5f4d76ed72 100644
--- a/routers/api/v1/user/settings.go
+++ b/routers/api/v1/user/settings.go
@@ -74,7 +74,7 @@ func UpdateUserSettings(ctx *context.APIContext) {
 		ctx.User.KeepActivityPrivate = *form.HideActivity
 	}
 
-	if err := user_model.UpdateUser(ctx.User); err != nil {
+	if err := user_model.UpdateUser(ctx.User, false); err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index b92c5cf01a..044efa0099 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -298,6 +298,13 @@ func EditUserPost(ctx *context.Context) {
 			ctx.RenderWithErr(errMsg, tplUserNew, &form)
 			return
 		}
+
+		if err := user_model.ValidateEmail(form.Email); err != nil {
+			ctx.Data["Err_Email"] = true
+			ctx.RenderWithErr(ctx.Tr("form.email_error"), tplUserNew, &form)
+			return
+		}
+
 		if u.Salt, err = user_model.GetUserSalt(); err != nil {
 			ctx.ServerError("UpdateUser", err)
 			return
@@ -332,6 +339,7 @@ func EditUserPost(ctx *context.Context) {
 
 	u.LoginName = form.LoginName
 	u.FullName = form.FullName
+	emailChanged := !strings.EqualFold(u.Email, form.Email)
 	u.Email = form.Email
 	u.Website = form.Website
 	u.Location = form.Location
@@ -352,7 +360,7 @@ func EditUserPost(ctx *context.Context) {
 		u.ProhibitLogin = form.ProhibitLogin
 	}
 
-	if err := user_model.UpdateUser(u); err != nil {
+	if err := user_model.UpdateUser(u, emailChanged); err != nil {
 		if user_model.IsErrEmailAlreadyUsed(err) {
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form)
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
index de4fa05e4a..0a328dfa4e 100644
--- a/routers/web/org/setting.go
+++ b/routers/web/org/setting.go
@@ -104,7 +104,7 @@ func SettingsPost(ctx *context.Context) {
 	visibilityChanged := form.Visibility != org.Visibility
 	org.Visibility = form.Visibility
 
-	if err := user_model.UpdateUser(org.AsUser()); err != nil {
+	if err := user_model.UpdateUser(org.AsUser(), false); err != nil {
 		ctx.ServerError("UpdateUser", err)
 		return
 	}