authorLunny Xiao <xiaolunwen@gmail.com>2022-03-15 01:39:54 +0800
committerGitHub <noreply@github.com>2022-03-14 18:39:54 +0100
commit18033f49ba8f00695dd9f885360664a383610df1 (patch)
treedf3c1f1738353a7fffc4ac7b9e6c48e3af231b9c /routers
parent49db87a035a28cd8eaa4abdd5832f952ca6449d9 (diff)
Restrict email address validation (#17688)
This doesn't follow the RFC exactly, but what it accepts is a subset of it. I think we should narrow the allowed characters first and discuss further possibilities in future PRs.
Diffstat (limited to 'routers')
-rw-r--r--routers/api/v1/admin/user.go5
-rw-r--r--routers/api/v1/user/email.go3
-rw-r--r--routers/web/admin/users.go6
-rw-r--r--routers/web/auth/auth.go3
-rw-r--r--routers/web/user/setting/account.go3
5 files changed, 16 insertions, 4 deletions
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 0ecebad5d7..1d3854df9b 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -119,6 +119,7 @@ func CreateUser(ctx *context.APIContext) {
user_model.IsErrEmailAlreadyUsed(err) ||
db.IsErrNameReserved(err) ||
db.IsErrNameCharsNotAllowed(err) ||
+ user_model.IsErrEmailCharIsNotSupported(err) ||
user_model.IsErrEmailInvalid(err) ||
db.IsErrNamePatternNotAllowed(err) {
ctx.Error(http.StatusUnprocessableEntity, "", err)
@@ -265,7 +266,9 @@ func EditUser(ctx *context.APIContext) {
}
if err := user_model.UpdateUser(u, emailChanged); err != nil {
- if user_model.IsErrEmailAlreadyUsed(err) || user_model.IsErrEmailInvalid(err) {
+ if user_model.IsErrEmailAlreadyUsed(err) ||
+ user_model.IsErrEmailCharIsNotSupported(err) ||
+ user_model.IsErrEmailInvalid(err) {
ctx.Error(http.StatusUnprocessableEntity, "", err)
} else {
ctx.Error(http.StatusInternalServerError, "UpdateUser", err)
diff --git a/routers/api/v1/user/email.go b/routers/api/v1/user/email.go
index 6887c306cc..ed79723c60 100644
--- a/routers/api/v1/user/email.go
+++ b/routers/api/v1/user/email.go
@@ -80,7 +80,8 @@ func AddEmail(ctx *context.APIContext) {
if err := user_model.AddEmailAddresses(emails); err != nil {
if user_model.IsErrEmailAlreadyUsed(err) {
ctx.Error(http.StatusUnprocessableEntity, "", "Email address has been used: "+err.(user_model.ErrEmailAlreadyUsed).Email)
- } else if user_model.IsErrEmailInvalid(err) {
+ } else if user_model.IsErrEmailCharIsNotSupported(err) ||
+ user_model.IsErrEmailInvalid(err) {
errMsg := fmt.Sprintf("Email address %s invalid", err.(user_model.ErrEmailInvalid).Email)
ctx.Error(http.StatusUnprocessableEntity, "", errMsg)
} else {
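Review bot: The widened `else if` now also matches `IsErrEmailCharIsNotSupported(err)`, but the next line still does the unchecked assertion `err.(user_model.ErrEmailInvalid).Email`, which panics if the new error is a distinct type, as its separate predicate suggests. An AddEmail request carrying an address with an unsupported character would then end in a runtime panic instead of a 422; whether that panic is recovered further up is not visible here. Give the new error its own branch, or drop the assertion for it and pass the error through as the admin API handlers do: `ctx.Error(http.StatusUnprocessableEntity, "", err)`. AddEmail's body continues outside the hunk.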
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 1f304297c0..a7d7d62d9a 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -171,6 +171,9 @@ func NewUserPost(ctx *context.Context) {
case user_model.IsErrEmailAlreadyUsed(err):
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserNew, &form)
+ case user_model.IsErrEmailCharIsNotSupported(err):
+ ctx.Data["Err_Email"] = true
+ ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)
case user_model.IsErrEmailInvalid(err):
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)
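Review bot: The added `case user_model.IsErrEmailCharIsNotSupported(err):` repeats the two-line body of the `IsErrEmailInvalid` case directly below it. Assuming this is a tagless switch, both can share one arm: `case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):`. The same duplication is added to createUserInContext in routers/web/auth/auth.go. Because both arms render `form.email_invalid`, a user whose address is RFC-valid but outside the narrowed set gets no hint that a character was the reason for rejection, so a dedicated message key may be worth adding. The switch starts and ends outside the hunk.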
@@ -386,7 +389,8 @@ func EditUserPost(ctx *context.Context) {
if user_model.IsErrEmailAlreadyUsed(err) {
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form)
- } else if user_model.IsErrEmailInvalid(err) {
+ } else if user_model.IsErrEmailCharIsNotSupported(err) ||
+ user_model.IsErrEmailInvalid(err) {
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserEdit, &form)
} else {
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index ce8ec8a1e3..9209b7335e 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -573,6 +573,9 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
case user_model.IsErrEmailAlreadyUsed(err):
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tpl, form)
+ case user_model.IsErrEmailCharIsNotSupported(err):
+ ctx.Data["Err_Email"] = true
+ ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tpl, form)
case user_model.IsErrEmailInvalid(err):
ctx.Data["Err_Email"] = true
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tpl, form)
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index b73122fa12..492b4f82c8 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -188,7 +188,8 @@ func EmailPost(ctx *context.Context) {
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSettingsAccount, &form)
return
- } else if user_model.IsErrEmailInvalid(err) {
+ } else if user_model.IsErrEmailCharIsNotSupported(err) ||
+ user_model.IsErrEmailInvalid(err) {
loadAccountData(ctx)
ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplSettingsAccount, &form)