From 380764dc92dd5e97db6dec5430bae2f517373748 Mon Sep 17 00:00:00 2001
From: Arpit Jalan
Date: Sat, 16 Jan 2016 10:29:31 +0530
Subject: [PATCH] FIX: validate email when changing via user preferences page
---
 .../discourse/controllers/preferences/email.js.es6 | 8 +++-----
 app/controllers/users_controller.rb | 3 +++
 spec/controllers/users_controller_spec.rb | 12 ++++++++++++
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/app/assets/javascripts/discourse/controllers/preferences/email.js.es6 b/app/assets/javascripts/discourse/controllers/preferences/email.js.es6
index 83262902d..ae9c4ed6d 100644
--- a/app/assets/javascripts/discourse/controllers/preferences/email.js.es6
+++ b/app/assets/javascripts/discourse/controllers/preferences/email.js.es6
@@ -26,10 +26,10 @@ export default Ember.Controller.extend({
 this.set('saving', true);
 return this.get('content').changeEmail(this.get('newEmail')).then(function() {
 self.set('success', true);
- }, function(data) {
+ }, function(e) {
 self.setProperties({ error: true, saving: false });
- if (data.responseJSON && data.responseJSON.errors && data.responseJSON.errors[0]) {
- self.set('errorMessage', data.responseJSON.errors[0]);
+ if (e.jqXHR.responseJSON && e.jqXHR.responseJSON.errors && e.jqXHR.responseJSON.errors[0]) {
+ self.set('errorMessage', e.jqXHR.responseJSON.errors[0]);
 } else {
 self.set('errorMessage', I18n.t('user.change_email.error'));
 }
@@ -38,5 +38,3 @@ export default Ember.Controller.extend({
 }
 });
-
-
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index fb537e6a5..806ab3650 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
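Review bot: In the rejection handler of preferences/email.js.es6 (first hunk), `e.jqXHR.responseJSON` is dereferenced without checking that `e.jqXHR` exists, so a rejection that does not originate from the AJAX layer would throw inside the handler and the fallback `I18n.t('user.change_email.error')` message would never be set. Guard the chain, e.g. `if (e && e.jqXHR && e.jqXHR.responseJSON && e.jqXHR.responseJSON.errors && e.jqXHR.responseJSON.errors[0]) {`. Whether `changeEmail` can reject with anything other than an AJAX error is not visible here, so treat this as a defensive check; the action's body starts outside the hunk.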
@@ -472,6 +472,9 @@ class UsersController < ApplicationController
 RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!
 RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!
+ EmailValidator.new(attributes: :email).validate_each(user, :email, lower_email)
+ return render_json_error(user.errors.full_messages) if user.errors[:email].present?
+ # Raise an error if the email is already in use
 if User.find_by_email(lower_email)
 raise Discourse::InvalidParameters.new(:email)
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index 435f4fd2e..9547d957f 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -258,6 +258,18 @@ describe UsersController do
 end
 end
+ it 'raises an error when new email domain is present in email_domains_blacklist site setting' do
+ SiteSetting.email_domains_blacklist = "mailinator.com"
+ xhr :put, :change_email, username: user.username, email: "not_good@mailinator.com"
+ expect(response).to_not be_success
+ end
+
+ it 'raises an error when new email domain is not present in email_domains_whitelist site setting' do
+ SiteSetting.email_domains_whitelist = "discourse.org"
+ xhr :put, :change_email, username: user.username, email: new_email
+ expect(response).to_not be_success
+ end
+ context 'success' do
 it 'has an email token' do
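Review bot: The domain check added ahead of the `User.find_by_email` lookup is enforced only in this controller action, so any other code path that starts an email change (none is visible in this hunk) would skip the `email_domains_blacklist` / `email_domains_whitelist` restrictions the new specs exercise. Consider moving the `EmailValidator` call into whatever shared code creates the change request, or at minimum record the intent with a comment such as `# Enforce domain restrictions here; keep after the RateLimiter calls so rejected addresses still count against the limit`. Separately, `render_json_error(user.errors.full_messages)` returns every error present on `user`, not only the `:email` ones; `user.errors.full_messages_for(:email)` would scope the response to the field being validated. The enclosing action starts and ends outside the hunk.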
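Review bot: Both new examples in users_controller_spec.rb assert only `expect(response).to_not be_success`, which also passes when the request fails for an unrelated reason (rate limiting, authentication, the existing address-in-use check), so they do not show that the domain restriction is what rejected the change. Assert on the error payload as well, for example `expect(::JSON.parse(response.body)['errors']).to be_present`, and consider a companion whitelist example where an allowed domain is still accepted. `user` and `new_email` are defined outside the hunk, so it is assumed that `new_email` is not a discourse.org address.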