[v12.0/forgejo] fix: ensure GetUserByEmail only considers validated emails (#9085)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9075 Only validated emails can be used to: - assert if a signature can be trusted or, - to assign comments, issues to an existing user during a migration The emails that were not yet validated could previously be used as if they were validated, incorrectly showing commits as trusted or assigning comments, issues to the user associated with this email during migrations. Existing migrations are not modified when they were incorrectly assigned to an email that is not validated. The trust status of all commit signatures will now show differently depending on the validation status of an email. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9075): <!--number 9075 --><!--line 0 --><!--description ZW5zdXJlIEdldFVzZXJCeUVtYWlsIG9ubHkgY29uc2lkZXJzIHZhbGlkYXRlZCBlbWFpbHM=-->ensure GetUserByEmail only considers validated emails<!--description--> <!--end release-notes-assistant--> Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9085 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
parent
43664f79b9
commit
3210151955
2 changed files with 24 additions and 2 deletions
|
@ -1163,8 +1163,8 @@ func GetUserByEmail(ctx context.Context, email string) (*User, error) {
|
|||
|
||||
email = strings.ToLower(email)
|
||||
// Otherwise, check in alternative list for activated email addresses
|
||||
emailAddress := &EmailAddress{LowerEmail: email, IsActivated: true}
|
||||
has, err := db.GetEngine(ctx).Get(emailAddress)
|
||||
emailAddress := &EmailAddress{}
|
||||
has, err := db.GetEngine(ctx).Where("lower_email = ? AND is_activated = ?", email, true).Get(emailAddress)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
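Review bot: The rewritten lookup in GetUserByEmail carries no comment explaining why the activation filter is now spelled out in `Where("lower_email = ? AND is_activated = ?", email, true)` instead of being set on the bean, so a later cleanup could fold it back into `&EmailAddress{LowerEmail: email, IsActivated: true}` and reintroduce the problem. Presumably the bean form dropped the filter because xorm leaves bool fields out of bean-derived conditions unless `UseBool` is called; that is worth confirming and recording next to the query. I would add above it: `// Keep is_activated in an explicit Where: bool fields set on the bean are not applied as query conditions.` Other lookups outside this hunk may use the same bean-with-bool pattern and deserve the same check; the function body starts and ends outside the hunk.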
@ -835,3 +835,25 @@ func TestPronounsPrivacy(t *testing.T) {
|
|||
assert.Equal(t, "any", user.GetPronouns(true))
|
||||
})
|
||||
}
|
||||
|
||||
func TestGetUserByEmail(t *testing.T) {
|
||||
require.NoError(t, unittest.PrepareTestDatabase())
|
||||
|
||||
t.Run("Normal", func(t *testing.T) {
|
||||
u, err := user_model.GetUserByEmail(t.Context(), "user2@example.com")
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, 2, u.ID)
|
||||
})
|
||||
|
||||
t.Run("Not activated", func(t *testing.T) {
|
||||
u, err := user_model.GetUserByEmail(t.Context(), "user11@example.com")
|
||||
require.ErrorIs(t, err, user_model.ErrUserNotExist{Name: "user11@example.com"})
|
||||
assert.Nil(t, u)
|
||||
})
|
||||
|
||||
t.Run("Not primary", func(t *testing.T) {
|
||||
u, err := user_model.GetUserByEmail(t.Context(), "user1-3@example.com")
|
||||
require.NoError(t, err)
|
||||
assert.EqualValues(t, 1, u.ID)
|
||||
})
|
||||
}
|
||||
|
|
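Review bot: None of the three subtests in TestGetUserByEmail passes a mixed-case address, although GetUserByEmail lowercases its input before the new query matches on `lower_email`, so the combination of case folding and the activation filter is not pinned. A fourth subtest using the unactivated fixture address in upper case would cover it: `u, err := user_model.GetUserByEmail(t.Context(), "USER11@example.com")` followed by `require.Error(t, err)` and `assert.Nil(t, u)`. The "Not activated" case also depends on the fixture row for user11@example.com being unactivated, which is not visible here; a short comment naming that fixture assumption would keep the test from passing silently if the fixture changes.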