@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Application Emails - make various user email editing paths respect application emails
Summary: Ref T3404. The only mildly sketchy bit is these codepaths all load the application email directly, by-passing privacy. I think this is necessary because not getting to see an application doesn't mean you should be able to break the application by registering a colliding email address.
Test Plan:
Tried to add a registered application email to a user account via the web ui and got a pretty error.
Ran unit tests.
Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin, epriestley
Maniphest Tasks: T3404
Differential Revision: https://secure.phabricator.com/D11565
+71
-1
+12
-1
src/applications/auth/controller/PhabricatorAuthRegisterController.php
+12
-1
src/applications/auth/controller/PhabricatorAuthRegisterController.php
···
62
62
if (!PhabricatorUserEmail::isValidAddress($default_email)) {
63
63
$default_email = null;
64
64
}
65
+
if ($default_email !== null) {
66
+
// We should bypass policy here becase e.g. limiting an application use
67
+
// to a subset of users should not allow the others to overwrite
68
+
// configured application emails
69
+
$application_email = id(new PhabricatorMetaMTAApplicationEmailQuery())
70
+
->setViewer(PhabricatorUser::getOmnipotentUser())
71
+
->withAddresses(array($default_email))
72
+
->executeOne();
73
+
if ($application_email) {
74
+
$default_email = null;
75
+
}
76
+
}
65
77
66
78
if ($default_email !== null) {
67
79
// If the account source provided an email, but it's not allowed by
···
86
98
// If the account source provided an email, but another account already
87
99
// has that email, just pretend we didn't get an email.
88
100
89
-
// TODO: See T3340.
90
101
// TODO: See T3472.
91
102
92
103
if ($default_email !== null) {
+21
src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php
+21
src/applications/metamta/storage/PhabricatorMetaMTAApplicationEmail.php
···
61
61
return idx($this->configData, $key, $default);
62
62
}
63
63
64
+
65
+
public function getInUseMessage() {
66
+
$applications = PhabricatorApplication::getAllApplications();
67
+
$applications = mpull($applications, null, 'getPHID');
68
+
$application = idx(
69
+
$applications,
70
+
$this->getApplicationPHID());
71
+
if ($application) {
72
+
$message = pht(
73
+
'The address %s is configured to be used by the %s Application.',
74
+
$this->getAddress(),
75
+
$application->getName());
76
+
} else {
77
+
$message = pht(
78
+
'The address %s is configured to be used by an application.',
79
+
$this->getAddress());
80
+
}
81
+
82
+
return $message;
83
+
}
84
+
64
85
/* -( PhabricatorPolicyInterface )----------------------------------------- */
65
86
66
87
+8
src/applications/people/editor/PhabricatorUserEditor.php
+8
src/applications/people/editor/PhabricatorUserEditor.php
···
578
578
if (!PhabricatorUserEmail::isAllowedAddress($email->getAddress())) {
579
579
throw new Exception(PhabricatorUserEmail::describeAllowedAddresses());
580
580
}
581
+
582
+
$application_email = id(new PhabricatorMetaMTAApplicationEmailQuery())
583
+
->setViewer(PhabricatorUser::getOmnipotentUser())
584
+
->withAddresses(array($email->getAddress()))
585
+
->executeOne();
586
+
if ($application_email) {
587
+
throw new Exception($application_email->getInUseMessage());
588
+
}
581
589
}
582
590
583
591
private function revokePasswordResetLinks(PhabricatorUser $user) {
+20
src/applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php
+20
src/applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php
···
53
53
$this->assertTrue($caught instanceof Exception);
54
54
}
55
55
56
+
public function testRegistrationEmailApplicationEmailCollide() {
57
+
$app_email = 'bugs@whitehouse.gov';
58
+
$app_email_object =
59
+
PhabricatorMetaMTAApplicationEmail::initializeNewAppEmail(
60
+
$this->generateNewTestUser());
61
+
$app_email_object->setAddress($app_email);
62
+
$app_email_object->setApplicationPHID('test');
63
+
$app_email_object->save();
64
+
65
+
$caught = null;
66
+
try {
67
+
$this->registerUser(
68
+
'PhabricatorUserEditorTestCaseDomain',
69
+
$app_email);
70
+
} catch (Exception $ex) {
71
+
$caught = $ex;
72
+
}
73
+
$this->assertTrue($caught instanceof Exception);
74
+
}
75
+
56
76
private function registerUser($username, $email) {
57
77
$user = id(new PhabricatorUser())
58
78
->setUsername($username)
+10
src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
+10
src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
···
185
185
$e_email = pht('Disallowed');
186
186
$errors[] = PhabricatorUserEmail::describeAllowedAddresses();
187
187
}
188
+
if ($e_email === true) {
189
+
$application_email = id(new PhabricatorMetaMTAApplicationEmailQuery())
190
+
->setViewer(PhabricatorUser::getOmnipotentUser())
191
+
->withAddresses(array($email))
192
+
->executeOne();
193
+
if ($application_email) {
194
+
$e_email = pht('In Use');
195
+
$errors[] = $application_email->getInUseMessage();
196
+
}
197
+
}
188
198
189
199
if (!$errors) {
190
200
$object = id(new PhabricatorUserEmail())