FIX: validate email when changing via user preferences page

2024-11-23 23:58:31 -05:00 · 2016-01-16 10:29:31 +05:30 · 2016-01-16 10:29:31 +05:30 · 380764dc92
commit 380764dc92
parent 1fb3c2cee6
3 changed files with 18 additions and 5 deletions
--- a/app/assets/javascripts/discourse/controllers/preferences/email.js.es6
+++ b/app/assets/javascripts/discourse/controllers/preferences/email.js.es6
@ -26,10 +26,10 @@ export default Ember.Controller.extend({
      this.set('saving', true);
      return this.get('content').changeEmail(this.get('newEmail')).then(function() {
        self.set('success', true);
-      }, function(data) {
+      }, function(e) {
        self.setProperties({ error: true, saving: false });
-        if (data.responseJSON && data.responseJSON.errors && data.responseJSON.errors[0]) {
-          self.set('errorMessage', data.responseJSON.errors[0]);
+        if (e.jqXHR.responseJSON && e.jqXHR.responseJSON.errors && e.jqXHR.responseJSON.errors[0]) {
+          self.set('errorMessage', e.jqXHR.responseJSON.errors[0]);
        } else {
          self.set('errorMessage', I18n.t('user.change_email.error'));
        }
@ -38,5 +38,3 @@ export default Ember.Controller.extend({
  }

 });
-
-
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -472,6 +472,9 @@ class UsersController < ApplicationController
    RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!
    RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!

+    EmailValidator.new(attributes: :email).validate_each(user, :email, lower_email)
+    return render_json_error(user.errors.full_messages) if user.errors[:email].present?
+
    # Raise an error if the email is already in use
    if User.find_by_email(lower_email)
      raise Discourse::InvalidParameters.new(:email)
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -258,6 +258,18 @@ describe UsersController do
        end
      end

+      it 'raises an error when new email domain is present in email_domains_blacklist site setting' do
+        SiteSetting.email_domains_blacklist = "mailinator.com"
+        xhr :put, :change_email, username: user.username, email: "not_good@mailinator.com"
+        expect(response).to_not be_success
+      end
+
+      it 'raises an error when new email domain is not present in email_domains_whitelist site setting' do
+        SiteSetting.email_domains_whitelist = "discourse.org"
+        xhr :put, :change_email, username: user.username, email: new_email
+        expect(response).to_not be_success
+      end
+
      context 'success' do

        it 'has an email token' do