Check if email is used when updating user (#21289)

Fix #21075 
When updating user data should check if email is used by other users
This commit is contained in:
Alexander Shimchik 2022-09-29 15:36:29 +03:00 committed by GitHub
parent b7309b8ccb
commit 1d3095b718
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 6 deletions

View file

@ -893,7 +893,11 @@ func UpdateUser(ctx context.Context, u *User, changePrimaryEmail bool, cols ...s
if err != nil { if err != nil {
return err return err
} }
if !has { if has && emailAddress.UID != u.ID {
return ErrEmailAlreadyUsed{
Email: u.Email,
}
}
// 1. Update old primary email // 1. Update old primary email
if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{ if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{
IsPrimary: false, IsPrimary: false,
@ -901,6 +905,7 @@ func UpdateUser(ctx context.Context, u *User, changePrimaryEmail bool, cols ...s
return err return err
} }
if !has {
emailAddress.Email = u.Email emailAddress.Email = u.Email
emailAddress.UID = u.ID emailAddress.UID = u.ID
emailAddress.IsActivated = true emailAddress.IsActivated = true

View file

@ -302,10 +302,26 @@ func TestUpdateUser(t *testing.T) {
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
assert.True(t, user.KeepActivityPrivate) assert.True(t, user.KeepActivityPrivate)
newEmail := "new_" + user.Email
user.Email = newEmail
assert.NoError(t, user_model.UpdateUser(db.DefaultContext, user, true))
user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
assert.Equal(t, newEmail, user.Email)
user.Email = "no mail@mail.org" user.Email = "no mail@mail.org"
assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, true)) assert.Error(t, user_model.UpdateUser(db.DefaultContext, user, true))
} }
func TestUpdateUserEmailAlreadyUsed(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
user3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
user2.Email = user3.Email
err := user_model.UpdateUser(db.DefaultContext, user2, true)
assert.True(t, user_model.IsErrEmailAlreadyUsed(err))
}
func TestNewUserRedirect(t *testing.T) { func TestNewUserRedirect(t *testing.T) {
// redirect to a completely new name // redirect to a completely new name
assert.NoError(t, unittest.PrepareTestDatabase()) assert.NoError(t, unittest.PrepareTestDatabase())