codeninjasllc/discourse
1
0
Fork 0
mirror of https://github.com/codeninjasllc/discourse.git synced 2024-11-27 17:46:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

FIX: validate email when changing via user preferences page

Browse source
This commit is contained in:
Arpit Jalan 2016-01-16 10:29:31 +05:30
parent 1fb3c2cee6
commit 380764dc92
3 changed files with 18 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/assets/javascripts/discourse/controllers/preferences/email.js.es6
View file

@ -26,10 +26,10 @@ export default Ember.Controller.extend({
this.set('saving', true); this.set('saving', true);
return this.get('content').changeEmail(this.get('newEmail')).then(function() { return this.get('content').changeEmail(this.get('newEmail')).then(function() {
self.set('success', true); self.set('success', true);
}, function(data) { }, function(e) {
self.setProperties({ error: true, saving: false }); self.setProperties({ error: true, saving: false });
if (data.responseJSON && data.responseJSON.errors && data.responseJSON.errors[0]) { if (e.jqXHR.responseJSON && e.jqXHR.responseJSON.errors && e.jqXHR.responseJSON.errors[0]) {
self.set('errorMessage', data.responseJSON.errors[0]); self.set('errorMessage', e.jqXHR.responseJSON.errors[0]);
} else { } else {
self.set('errorMessage', I18n.t('user.change_email.error')); self.set('errorMessage', I18n.t('user.change_email.error'));
} }
@ -38,5 +38,3 @@ export default Ember.Controller.extend({
} }
}); });

3
app/controllers/users_controller.rb
View file

@ -472,6 +472,9 @@ class UsersController < ApplicationController
RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed! RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!
RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed! RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!
EmailValidator.new(attributes: :email).validate_each(user, :email, lower_email)
return render_json_error(user.errors.full_messages) if user.errors[:email].present?
# Raise an error if the email is already in use # Raise an error if the email is already in use
if User.find_by_email(lower_email) if User.find_by_email(lower_email)
raise Discourse::InvalidParameters.new(:email) raise Discourse::InvalidParameters.new(:email)

12
spec/controllers/users_controller_spec.rb
View file

@ -258,6 +258,18 @@ describe UsersController do
end end
end end
it 'raises an error when new email domain is present in email_domains_blacklist site setting' do
SiteSetting.email_domains_blacklist = "mailinator.com"
xhr :put, :change_email, username: user.username, email: "not_good@mailinator.com"
expect(response).to_not be_success
end
it 'raises an error when new email domain is not present in email_domains_whitelist site setting' do
SiteSetting.email_domains_whitelist = "discourse.org"
xhr :put, :change_email, username: user.username, email: new_email
expect(response).to_not be_success
end
context 'success' do context 'success' do
it 'has an email token' do it 'has an email token' do