loading up the forgejo repo on tangled to test page performance
Skip email domain check when admins edit user emails (#29609)
Follow #29522
Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`
(cherry picked from commit 136dd99e86eea9c8bfe61b972a12b395655171e8)
authored by
Zettat123
and committed by
Earl Warren
e7afba21
02384ff9
+53
-9
+1
-1
models/user/email_address.go
+1
-1
models/user/email_address.go
···
165
165
return validateEmailDomain(email)
166
166
}
167
167
168
-
// ValidateEmailForAdmin check if email is a valid address when admins manually add users
168
+
// ValidateEmailForAdmin check if email is a valid address when admins manually add or edit users
169
169
func ValidateEmailForAdmin(email string) error {
170
170
return validateEmailBasic(email)
171
171
// In this case we do not need to check the email domain
+1
-1
routers/api/v1/admin/user.go
+1
-1
routers/api/v1/admin/user.go
···
209
209
}
210
210
211
211
if form.Email != nil {
212
-
if err := user_service.AddOrSetPrimaryEmailAddress(ctx, ctx.ContextUser, *form.Email); err != nil {
212
+
if err := user_service.AdminAddOrSetPrimaryEmailAddress(ctx, ctx.ContextUser, *form.Email); err != nil {
213
213
switch {
214
214
case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):
215
215
ctx.Error(http.StatusBadRequest, "EmailInvalid", err)
+1
-1
routers/web/admin/users.go
+1
-1
routers/web/admin/users.go
···
412
412
}
413
413
414
414
if form.Email != "" {
415
-
if err := user_service.AddOrSetPrimaryEmailAddress(ctx, u, form.Email); err != nil {
415
+
if err := user_service.AdminAddOrSetPrimaryEmailAddress(ctx, u, form.Email); err != nil {
416
416
switch {
417
417
case user_model.IsErrEmailCharIsNotSupported(err), user_model.IsErrEmailInvalid(err):
418
418
ctx.Data["Err_Email"] = true
+3
-2
services/user/email.go
+3
-2
services/user/email.go
···
14
14
"code.gitea.io/gitea/modules/util"
15
15
)
16
16
17
-
func AddOrSetPrimaryEmailAddress(ctx context.Context, u *user_model.User, emailStr string) error {
17
+
// AdminAddOrSetPrimaryEmailAddress is used by admins to add or set a user's primary email address
18
+
func AdminAddOrSetPrimaryEmailAddress(ctx context.Context, u *user_model.User, emailStr string) error {
18
19
if strings.EqualFold(u.Email, emailStr) {
19
20
return nil
20
21
}
21
22
22
-
if err := user_model.ValidateEmail(emailStr); err != nil {
23
+
if err := user_model.ValidateEmailForAdmin(emailStr); err != nil {
23
24
return err
24
25
}
25
26
+18
-4
services/user/email_test.go
+18
-4
services/user/email_test.go
···
10
10
organization_model "code.gitea.io/gitea/models/organization"
11
11
"code.gitea.io/gitea/models/unittest"
12
12
user_model "code.gitea.io/gitea/models/user"
13
+
"code.gitea.io/gitea/modules/setting"
13
14
15
+
"github.com/gobwas/glob"
14
16
"github.com/stretchr/testify/assert"
15
17
)
16
18
17
-
func TestAddOrSetPrimaryEmailAddress(t *testing.T) {
19
+
func TestAdminAddOrSetPrimaryEmailAddress(t *testing.T) {
18
20
assert.NoError(t, unittest.PrepareTestDatabase())
19
21
20
22
user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 27})
···
28
30
assert.NotEqual(t, "new-primary@example.com", primary.Email)
29
31
assert.Equal(t, user.Email, primary.Email)
30
32
31
-
assert.NoError(t, AddOrSetPrimaryEmailAddress(db.DefaultContext, user, "new-primary@example.com"))
33
+
assert.NoError(t, AdminAddOrSetPrimaryEmailAddress(db.DefaultContext, user, "new-primary@example.com"))
32
34
33
35
primary, err = user_model.GetPrimaryEmailAddressOfUser(db.DefaultContext, user.ID)
34
36
assert.NoError(t, err)
···
39
41
assert.NoError(t, err)
40
42
assert.Len(t, emails, 2)
41
43
42
-
assert.NoError(t, AddOrSetPrimaryEmailAddress(db.DefaultContext, user, "user27@example.com"))
44
+
setting.Service.EmailDomainAllowList = []glob.Glob{glob.MustCompile("example.org")}
45
+
defer func() {
46
+
setting.Service.EmailDomainAllowList = []glob.Glob{}
47
+
}()
48
+
49
+
assert.NoError(t, AdminAddOrSetPrimaryEmailAddress(db.DefaultContext, user, "new-primary2@example2.com"))
50
+
51
+
primary, err = user_model.GetPrimaryEmailAddressOfUser(db.DefaultContext, user.ID)
52
+
assert.NoError(t, err)
53
+
assert.Equal(t, "new-primary2@example2.com", primary.Email)
54
+
assert.Equal(t, user.Email, primary.Email)
55
+
56
+
assert.NoError(t, AdminAddOrSetPrimaryEmailAddress(db.DefaultContext, user, "user27@example.com"))
43
57
44
58
primary, err = user_model.GetPrimaryEmailAddressOfUser(db.DefaultContext, user.ID)
45
59
assert.NoError(t, err)
···
48
62
49
63
emails, err = user_model.GetEmailAddresses(db.DefaultContext, user.ID)
50
64
assert.NoError(t, err)
51
-
assert.Len(t, emails, 2)
65
+
assert.Len(t, emails, 3)
52
66
}
53
67
54
68
func TestReplacePrimaryEmailAddress(t *testing.T) {
+29
tests/integration/api_admin_test.go
+29
tests/integration/api_admin_test.go
···
359
359
req = NewRequest(t, "DELETE", "/api/v1/admin/users/allowedUser1").AddTokenAuth(token)
360
360
MakeRequest(t, req, http.StatusNoContent)
361
361
}
362
+
363
+
func TestAPIEditUser_NotAllowedEmailDomain(t *testing.T) {
364
+
defer tests.PrepareTestEnv(t)()
365
+
366
+
setting.Service.EmailDomainAllowList = []glob.Glob{glob.MustCompile("example.org")}
367
+
defer func() {
368
+
setting.Service.EmailDomainAllowList = []glob.Glob{}
369
+
}()
370
+
371
+
adminUsername := "user1"
372
+
token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
373
+
urlStr := fmt.Sprintf("/api/v1/admin/users/%s", "user2")
374
+
375
+
newEmail := "user2@example1.com"
376
+
req := NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
377
+
LoginName: "user2",
378
+
SourceID: 0,
379
+
Email: &newEmail,
380
+
}).AddTokenAuth(token)
381
+
MakeRequest(t, req, http.StatusOK)
382
+
383
+
originalEmail := "user2@example.com"
384
+
req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
385
+
LoginName: "user2",
386
+
SourceID: 0,
387
+
Email: &originalEmail,
388
+
}).AddTokenAuth(token)
389
+
MakeRequest(t, req, http.StatusOK)
390
+
}