From b9e8474e11ea3717bfb98210db3dda689f9437d5 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 4 Nov 2021 22:16:02 +0800 Subject: [PATCH 1/9] Fix database inconsistent when admin change user email --- models/user/user.go | 30 +++++++++++++++++++++++++++--- routers/api/v1/admin/user.go | 5 ++++- routers/api/v1/user/settings.go | 2 +- routers/web/admin/users.go | 3 ++- routers/web/org/setting.go | 2 +- 5 files changed, 35 insertions(+), 7 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index f8ccee0b38907..cd332373e3187 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -796,18 +796,42 @@ func validateUser(u *User) error { return ValidateEmail(u.Email) } -func updateUser(e db.Engine, u *User) error { +func updateUser(e db.Engine, u *User, emailChanged bool) error { if err := validateUser(u); err != nil { return err } + if emailChanged { + var emailAddress EmailAddress + has, err := e.Where("lower_email=?", strings.ToLower(u.Email)).Get(&emailAddress) + if err != nil { + return err + } + if !has { + // 1. Update old primary email + if _, err = e.Where("uid=? AND is_primary=?", u.ID, true).Cols("is_primary").Update(&EmailAddress{ + IsPrimary: false, + }); err != nil { + return err + } + + emailAddress.Email = u.Email + emailAddress.UID = u.ID + emailAddress.IsActivated = true + emailAddress.IsPrimary = true + if _, err := e.Insert(&emailAddress); err != nil { + return err + } + } + } + _, err := e.ID(u.ID).AllCols().Update(u) return err } // UpdateUser updates user's information. -func UpdateUser(u *User) error { - return updateUser(db.GetEngine(db.DefaultContext), u) +func UpdateUser(u *User, emailChanged bool) error { + return updateUser(db.GetEngine(db.DefaultContext), u, emailChanged) } // UpdateUserCols update user according special columns diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index e50abb5937641..08084d958319a 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -9,6 +9,7 @@ import ( "errors" "fmt" "net/http" + "strings" "code.gitea.io/gitea/models" "code.gitea.io/gitea/models/db" @@ -203,7 +204,9 @@ func EditUser(ctx *context.APIContext) { if form.FullName != nil { u.FullName = *form.FullName } + var emailChanged bool if form.Email != nil { + emailChanged = !strings.EqualFold(u.Email, *form.Email) u.Email = *form.Email if len(u.Email) == 0 { ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("email is not allowed to be empty string")) @@ -247,7 +250,7 @@ func EditUser(ctx *context.APIContext) { u.IsRestricted = *form.Restricted } - if err := user_model.UpdateUser(u); err != nil { + if err := user_model.UpdateUser(u, emailChanged); err != nil { if user_model.IsErrEmailAlreadyUsed(err) || user_model.IsErrEmailInvalid(err) { ctx.Error(http.StatusUnprocessableEntity, "", err) } else { diff --git a/routers/api/v1/user/settings.go b/routers/api/v1/user/settings.go index 40bee566811bd..5f4d76ed72184 100644 --- a/routers/api/v1/user/settings.go +++ b/routers/api/v1/user/settings.go @@ -74,7 +74,7 @@ func UpdateUserSettings(ctx *context.APIContext) { ctx.User.KeepActivityPrivate = *form.HideActivity } - if err := user_model.UpdateUser(ctx.User); err != nil { + if err := user_model.UpdateUser(ctx.User, false); err != nil { ctx.InternalServerError(err) return } diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index b92c5cf01a8e4..4b8a865cda197 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go @@ -332,6 +332,7 @@ func EditUserPost(ctx *context.Context) { u.LoginName = form.LoginName u.FullName = form.FullName + emailChanged := !strings.EqualFold(u.Email, form.Email) u.Email = form.Email u.Website = form.Website u.Location = form.Location @@ -352,7 +353,7 @@ func EditUserPost(ctx *context.Context) { u.ProhibitLogin = form.ProhibitLogin } - if err := user_model.UpdateUser(u); err != nil { + if err := user_model.UpdateUser(u, emailChanged); err != nil { if user_model.IsErrEmailAlreadyUsed(err) { ctx.Data["Err_Email"] = true ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form) diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go index f0e1db14d086f..c1f0d7633f120 100644 --- a/routers/web/org/setting.go +++ b/routers/web/org/setting.go @@ -102,7 +102,7 @@ func SettingsPost(ctx *context.Context) { visibilityChanged := form.Visibility != org.Visibility org.Visibility = form.Visibility - if err := user_model.UpdateUser(org.AsUser()); err != nil { + if err := user_model.UpdateUser(org.AsUser(), false); err != nil { ctx.ServerError("UpdateUser", err) return } From 1fd991bf7ec064f44bf2057b1ab0cde4d25994c9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 5 Nov 2021 14:13:41 +0800 Subject: [PATCH 2/9] Add missing condition --- models/user/user.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/models/user/user.go b/models/user/user.go index cd332373e3187..0ed00ed3d92c3 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -822,6 +822,12 @@ func updateUser(e db.Engine, u *User, emailChanged bool) error { if _, err := e.Insert(&emailAddress); err != nil { return err } + } else { + if _, err := e.ID(emailAddress).Cols("is_primary").Update(&EmailAddress{ + IsPrimary: true, + }); err != nil { + return err + } } } From c130a94109e0dba55325ee3b4a77d0f4cf852598 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 5 Nov 2021 14:23:32 +0800 Subject: [PATCH 3/9] Fix test --- models/user/user.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index 0ed00ed3d92c3..c80f10295cdb0 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -822,12 +822,10 @@ func updateUser(e db.Engine, u *User, emailChanged bool) error { if _, err := e.Insert(&emailAddress); err != nil { return err } - } else { - if _, err := e.ID(emailAddress).Cols("is_primary").Update(&EmailAddress{ - IsPrimary: true, - }); err != nil { - return err - } + } else if _, err := e.ID(emailAddress).Cols("is_primary").Update(&EmailAddress{ + IsPrimary: true, + }); err != nil { + return err } } From 50032a10aa0c2e4760773094966943d8251d0ac9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Mon, 8 Nov 2021 15:38:32 +0800 Subject: [PATCH 4/9] Fix bug --- models/user/user.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index c80f10295cdb0..101c73c11c721 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -796,12 +796,14 @@ func validateUser(u *User) error { return ValidateEmail(u.Email) } -func updateUser(e db.Engine, u *User, emailChanged bool) error { +func updateUser(ctx context.Context, u *User, changePrimaryEmail bool) error { if err := validateUser(u); err != nil { return err } - if emailChanged { + e := db.GetEngine(ctx) + + if changePrimaryEmail { var emailAddress EmailAddress has, err := e.Where("lower_email=?", strings.ToLower(u.Email)).Get(&emailAddress) if err != nil { From 003714bd961f2b18bdd6c22113a00a5ec0d8aadd Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 11 Nov 2021 20:39:01 +0800 Subject: [PATCH 5/9] Fix bug --- models/user/user.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/models/user/user.go b/models/user/user.go index 101c73c11c721..5834673437aa3 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -837,7 +837,7 @@ func updateUser(ctx context.Context, u *User, changePrimaryEmail bool) error { // UpdateUser updates user's information. func UpdateUser(u *User, emailChanged bool) error { - return updateUser(db.GetEngine(db.DefaultContext), u, emailChanged) + return updateUser(db.DefaultContext, u, emailChanged) } // UpdateUserCols update user according special columns From 03b77046869f15a08035b1b482136f6af3539a7e Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Wed, 17 Nov 2021 20:11:12 +0800 Subject: [PATCH 6/9] Add email validation --- routers/api/v1/admin/user.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index 08084d958319a..e54cf42deed92 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -206,6 +206,11 @@ func EditUser(ctx *context.APIContext) { } var emailChanged bool if form.Email != nil { + if err := user_model.ValidateEmail(*form.Email); err != nil { + ctx.InternalServerError(err) + return + } + emailChanged = !strings.EqualFold(u.Email, *form.Email) u.Email = *form.Email if len(u.Email) == 0 { From 45611b5f0f9a2feb5af45f2ae0892c392716b41c Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Wed, 17 Nov 2021 20:13:33 +0800 Subject: [PATCH 7/9] check empty input --- routers/api/v1/admin/user.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go index e54cf42deed92..b93c628072f67 100644 --- a/routers/api/v1/admin/user.go +++ b/routers/api/v1/admin/user.go @@ -206,17 +206,19 @@ func EditUser(ctx *context.APIContext) { } var emailChanged bool if form.Email != nil { - if err := user_model.ValidateEmail(*form.Email); err != nil { - ctx.InternalServerError(err) + email := strings.TrimSpace(*form.Email) + if len(email) == 0 { + ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("email is not allowed to be empty string")) return } - emailChanged = !strings.EqualFold(u.Email, *form.Email) - u.Email = *form.Email - if len(u.Email) == 0 { - ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("email is not allowed to be empty string")) + if err := user_model.ValidateEmail(email); err != nil { + ctx.InternalServerError(err) return } + + emailChanged = !strings.EqualFold(u.Email, email) + u.Email = email } if form.Website != nil { u.Website = *form.Website From fc5875b30e0ae0f72c695d3cd8e475cf622373ea Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 25 Nov 2021 10:16:03 +0800 Subject: [PATCH 8/9] Merge --- models/user/user.go | 5 ++--- models/user/user_test.go | 6 +++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index 5834673437aa3..62f2aa472d22e 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -866,14 +866,13 @@ func UpdateUserSetting(u *User) (err error) { return err } defer committer.Close() - sess := db.GetEngine(ctx) if !u.IsOrganization() { - if err = checkDupEmail(sess, u); err != nil { + if err = checkDupEmail(db.GetEngine(ctx), u); err != nil { return err } } - if err = updateUser(sess, u); err != nil { + if err = updateUser(ctx, u, false); err != nil { return err } return committer.Commit() diff --git a/models/user/user_test.go b/models/user/user_test.go index ac49852254c2b..f4acb923788fb 100644 --- a/models/user/user_test.go +++ b/models/user/user_test.go @@ -273,19 +273,19 @@ func TestUpdateUser(t *testing.T) { user := unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) user.KeepActivityPrivate = true - assert.NoError(t, UpdateUser(user)) + assert.NoError(t, UpdateUser(user, false)) user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) assert.True(t, user.KeepActivityPrivate) setting.Service.AllowedUserVisibilityModesSlice = []bool{true, false, false} user.KeepActivityPrivate = false user.Visibility = structs.VisibleTypePrivate - assert.Error(t, UpdateUser(user)) + assert.Error(t, UpdateUser(user, false)) user = unittest.AssertExistsAndLoadBean(t, &User{ID: 2}).(*User) assert.True(t, user.KeepActivityPrivate) user.Email = "no mail@mail.org" - assert.Error(t, UpdateUser(user)) + assert.Error(t, UpdateUser(user, true)) } func TestNewUserRedirect(t *testing.T) { From 47c63fff83a95c997951cb6f9111a72769e7f62a Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Thu, 25 Nov 2021 21:14:59 +0800 Subject: [PATCH 9/9] Validate Email before change user's email --- routers/web/admin/users.go | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go index 4b8a865cda197..044efa0099128 100644 --- a/routers/web/admin/users.go +++ b/routers/web/admin/users.go @@ -298,6 +298,13 @@ func EditUserPost(ctx *context.Context) { ctx.RenderWithErr(errMsg, tplUserNew, &form) return } + + if err := user_model.ValidateEmail(form.Email); err != nil { + ctx.Data["Err_Email"] = true + ctx.RenderWithErr(ctx.Tr("form.email_error"), tplUserNew, &form) + return + } + if u.Salt, err = user_model.GetUserSalt(); err != nil { ctx.ServerError("UpdateUser", err) return