From d025d84d91a43a691d748323cd74d0fdc5ecc9bf Mon Sep 17 00:00:00 2001
From: Chris Shyi <chrisshyi13@gmail.com>
Date: Sun, 15 Nov 2020 00:53:43 +0800
Subject: Add email validity check (#13475)

* Improve error feedback for duplicate deploy keys

Instead of a generic HTTP 500 error page, a flash message is rendered
with the deploy key page template so inform the user that a key with the
intended title already exists.

* API returns 422 error when key with name exists

* Add email validity checking

Add email validity checking for the following routes:
[Web interface]
1. User registration
2. User creation by admin
3. Adding an email through user settings
[API]
1. POST /admin/users
2. PATCH /admin/users/:username
3. POST /user/emails

* Add further tests

* Add signup email tests

* Add email validity check for linking existing account

* Address PR comments

* Remove unneeded DB session

* Move email check to updateUser

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
---
 models/user_mail.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'models/user_mail.go')

diff --git a/models/user_mail.go b/models/user_mail.go
index 60354e23ff..e15b5a3adf 100644
--- a/models/user_mail.go
+++ b/models/user_mail.go
@@ -8,6 +8,7 @@ package models
 import (
 	"errors"
 	"fmt"
+	"net/mail"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
@@ -143,6 +144,11 @@ func addEmailAddress(e Engine, email *EmailAddress) error {
 		return ErrEmailAlreadyUsed{email.Email}
 	}
 
+	_, err = mail.ParseAddress(email.Email)
+	if err != nil {
+		return ErrEmailInvalid{email.Email}
+	}
+
 	_, err = e.Insert(email)
 	return err
 }
@@ -167,6 +173,10 @@ func AddEmailAddresses(emails []*EmailAddress) error {
 		} else if used {
 			return ErrEmailAlreadyUsed{emails[i].Email}
 		}
+		_, err = mail.ParseAddress(emails[i].Email)
+		if err != nil {
+			return ErrEmailInvalid{emails[i].Email}
+		}
 	}
 
 	if _, err := x.Insert(emails); err != nil {
-- 
cgit v1.2.3