diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 47b69810a61..8b0c98b77c0 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -883,6 +883,7 @@ en:
 error_staged: "There was an error changing your email address. The address is already in use by a staged user."
 already_done: "Sorry, this confirmation link is no longer valid. Perhaps your email was already changed?"
 confirm: "Confirm"
+ max_secondary_emails_error: "You have reached the maximum allowed secondary emails limit."
 authorizing_new:
 title: "Confirm your new email"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 90cd1922ae9..8c36cc0f34e 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1769,6 +1769,9 @@ rate_limits:
 max: 1000000
 default: 10
 client: true
+ max_allowed_secondary_emails:
+ default: 10
+ hidden: true
 developer:
 force_hostname:
diff --git a/lib/email_updater.rb b/lib/email_updater.rb
index 68724a908d2..5c99219b544 100644
--- a/lib/email_updater.rb
+++ b/lib/email_updater.rb
@@ -31,9 +31,16 @@ class EmailUpdater
 end
 end
- return if errors.present? || existing_user.present?
+ if add
+ secondary_emails_count = @user.secondary_emails.count
+ if secondary_emails_count >= SiteSetting.max_allowed_secondary_emails
+ errors.add(:base, I18n.t("change_email.max_secondary_emails_error"))
+ end
+ else
+ old_email = @user.email
+ end
- old_email = @user.email if !add
+ return if errors.present? || existing_user.present?
 if @guardian.is_staff? && @guardian.user != @user
 StaffActionLogger.new(@guardian.user).log_add_email(@user)
diff --git a/spec/components/email_updater_spec.rb b/spec/components/email_updater_spec.rb
index d10ec0b8bd7..f70c009b507 100644
--- a/spec/components/email_updater_spec.rb
+++ b/spec/components/email_updater_spec.rb
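Review bot: In config/site_settings.yml the new `max_allowed_secondary_emails` entry has only `default: 10` and `hidden: true`, so nothing bounds its value the way `max: 1000000` bounds the setting directly above it. Because lib/email_updater.rb compares the count with `>=`, a value of 0 or below rejects every add, while a very large value effectively switches the cap off. Consider adding `min: 0` and a deliberate `max:`, plus a one-line comment saying the cap is per user and counts secondary emails only.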
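Review bot: The cap in lib/email_updater.rb is checked only when the change is requested, against `@user.secondary_emails.count` as it stands at that moment. The code that actually attaches the address is outside this hunk; if it does not repeat the check, several add requests started while the user is still under the limit (or two concurrent ones) can each pass and together exceed `SiteSetting.max_allowed_secondary_emails`. Re-validate the cap where the secondary email is created, and mark this site with something like `# Request-time check only; the confirm step must re-validate the cap`. The early `return` now precedes the staff branch, so staff adding an email for another user are capped as well, which deserves a comment if it is intended.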
@@ -239,6 +239,23 @@ describe EmailUpdater do
 end
 end
 end
+
+ context "max_allowed_secondary_emails" do
+ let(:secondary_email_1) { "secondary_1@email.com" }
+ let(:secondary_email_2) { "secondary_2@email.com" }
+
+ before do
+ SiteSetting.max_allowed_secondary_emails = 2
+ Fabricate(:secondary_email, user: user, primary: false, email: secondary_email_1)
+ Fabricate(:secondary_email, user: user, primary: false, email: secondary_email_2)
+ end
+
+ it "max secondary_emails limit reached" do
+ updater.change_to(new_email, add: true)
+ expect(updater.errors).to be_present
+ expect(updater.errors.messages[:base].first).to be I18n.t("change_email.max_secondary_emails_error")
+ end
+ end
 end
 context 'as a staff user' do
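Review bot: The last expectation in the new `it` block uses `be`, which compares object identity, so it passes only if `I18n.t` happens to return the very same String object that was stored in `errors`. Use value equality instead: `expect(updater.errors.messages[:base].first).to eq I18n.t("change_email.max_secondary_emails_error")`. The context also covers only the at-limit case. A second example with one secondary email and the limit at 2 would pin the `>=` boundary. An assertion that the rejected call left no new record behind (the helper to check is not visible in this hunk) would show the cap stops the request rather than merely recording an error.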