mirror of
https://github.com/discourse/discourse.git
synced 2025-01-18 11:42:53 +08:00
FIX: Perform better email validation (#12497)
Using UserEmail for validation is not sufficient because it checks the emails of staged users too.
This commit is contained in:
parent
be5ed73f08
commit
f3eab6a86a
|
@ -524,20 +524,38 @@ class UsersController < ApplicationController
|
|||
end
|
||||
|
||||
def check_email
|
||||
RateLimiter.new(nil, "check-email-#{request.remote_ip}", 10, 1.minute).performed!
|
||||
|
||||
if SiteSetting.hide_email_address_taken?
|
||||
begin
|
||||
RateLimiter.new(nil, "check-email-#{request.remote_ip}", 10, 1.minute).performed!
|
||||
rescue RateLimiter::LimitExceeded
|
||||
return render json: success_json
|
||||
end
|
||||
|
||||
user_email = UserEmail.new(email: params[:email])
|
||||
email = Email.downcase((params[:email] || "").strip)
|
||||
|
||||
if user_email.valid?
|
||||
render json: success_json
|
||||
else
|
||||
render json: failed_json.merge(errors: user_email.errors.full_messages)
|
||||
if email.blank? || SiteSetting.hide_email_address_taken?
|
||||
return render json: success_json
|
||||
end
|
||||
rescue RateLimiter::LimitExceeded
|
||||
|
||||
if !(email =~ EmailValidator.email_regex)
|
||||
error = User.new.errors.full_message(:email, I18n.t(:'user.email.invalid'))
|
||||
return render json: failed_json.merge(errors: [error])
|
||||
end
|
||||
|
||||
if !EmailValidator.allowed?(email)
|
||||
error = User.new.errors.full_message(:email, I18n.t(:'user.email.not_allowed'))
|
||||
return render json: failed_json.merge(errors: [error])
|
||||
end
|
||||
|
||||
if ScreenedEmail.should_block?(email)
|
||||
error = User.new.errors.full_message(:email, I18n.t(:'user.email.blocked'))
|
||||
return render json: failed_json.merge(errors: [error])
|
||||
end
|
||||
|
||||
if User.where(staged: false).find_by_email(email).present?
|
||||
error = User.new.errors.full_message(:email, I18n.t(:'errors.messages.taken'))
|
||||
return render json: failed_json.merge(errors: [error])
|
||||
end
|
||||
|
||||
render json: success_json
|
||||
end
|
||||
|
||||
|
|
|
@ -1592,6 +1592,11 @@ describe UsersController do
|
|||
expect(response.parsed_body["success"]).to be_present
|
||||
end
|
||||
|
||||
it 'returns success if email is empty' do
|
||||
get "/u/check_email.json"
|
||||
expect(response.parsed_body["success"]).to be_present
|
||||
end
|
||||
|
||||
it 'returns failure if email is not valid' do
|
||||
get "/u/check_email.json", params: { email: "invalid" }
|
||||
expect(response.parsed_body["failed"]).to be_present
|
||||
|
@ -1600,12 +1605,20 @@ describe UsersController do
|
|||
it 'returns failure if email exists' do
|
||||
get "/u/check_email.json", params: { email: user.email }
|
||||
expect(response.parsed_body["failed"]).to be_present
|
||||
|
||||
get "/u/check_email.json", params: { email: user.email.upcase }
|
||||
expect(response.parsed_body["failed"]).to be_present
|
||||
end
|
||||
|
||||
it 'returns success if email does not exists' do
|
||||
get "/u/check_email.json", params: { email: "available@example.com" }
|
||||
expect(response.parsed_body["success"]).to be_present
|
||||
end
|
||||
|
||||
it 'return success if user email is taken by staged user' do
|
||||
get "/u/check_email.json", params: { email: Fabricate(:staged).email }
|
||||
expect(response.parsed_body["success"]).to be_present
|
||||
end
|
||||
end
|
||||
|
||||
describe '#invited' do
|
||||
|
|
Loading…
Reference in New Issue
Block a user