Skip email domain check when admin users adds user manually (#29522)
Fix #27457 Administrators should be able to manually create any user even if the user's email address is not in `EMAIL_DOMAIN_ALLOWLIST`. (cherry picked from commit 4fd9c56ed09b31e2f6164a5f534a31c6624d0478)
This commit is contained in:
Zettat123
Earl Warren
parent
907c3d0c20
commit
b6057a34db
5 changed files with 93 additions and 32 deletions
|
|
@ -157,37 +157,18 @@ func UpdateEmailAddress(ctx context.Context, email *EmailAddress) error {
|
|||
|
||||
var emailRegexp = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+-/=?^_`{|}~]*@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
|
||||
|
||||
// ValidateEmail check if email is a allowed address
|
||||
// ValidateEmail check if email is a valid & allowed address
|
||||
func ValidateEmail(email string) error {
|
||||
if len(email) == 0 {
|
||||
return ErrEmailInvalid{email}
|
||||
if err := validateEmailBasic(email); err != nil {
|
||||
return err
|
||||
}
|
||||
return validateEmailDomain(email)
|
||||
}
|
||||
|
||||
if !emailRegexp.MatchString(email) {
|
||||
return ErrEmailCharIsNotSupported{email}
|
||||
}
|
||||
|
||||
if email[0] == '-' {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
if _, err := mail.ParseAddress(email); err != nil {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
// if there is no allow list, then check email against block list
|
||||
if len(setting.Service.EmailDomainAllowList) == 0 &&
|
||||
validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
// if there is an allow list, then check email against allow list
|
||||
if len(setting.Service.EmailDomainAllowList) > 0 &&
|
||||
!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
return nil
|
||||
// ValidateEmailForAdmin check if email is a valid address when admins manually add users
|
||||
func ValidateEmailForAdmin(email string) error {
|
||||
return validateEmailBasic(email)
|
||||
// In this case we do not need to check the email domain
|
||||
}
|
||||
|
||||
func GetEmailAddressByEmail(ctx context.Context, email string) (*EmailAddress, error) {
|
||||
|
|
@ -543,3 +524,41 @@ func ActivateUserEmail(ctx context.Context, userID int64, email string, activate
|
|||
|
||||
return committer.Commit()
|
||||
}
|
||||
|
||||
// validateEmailBasic checks whether the email complies with the rules
|
||||
func validateEmailBasic(email string) error {
|
||||
if len(email) == 0 {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
if !emailRegexp.MatchString(email) {
|
||||
return ErrEmailCharIsNotSupported{email}
|
||||
}
|
||||
|
||||
if email[0] == '-' {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
if _, err := mail.ParseAddress(email); err != nil {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// validateEmailDomain checks whether the email domain is allowed or blocked
|
||||
func validateEmailDomain(email string) error {
|
||||
// if there is no allow list, then check email against block list
|
||||
if len(setting.Service.EmailDomainAllowList) == 0 &&
|
||||
validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
// if there is an allow list, then check email against allow list
|
||||
if len(setting.Service.EmailDomainAllowList) > 0 &&
|
||||
!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -598,6 +598,16 @@ type CreateUserOverwriteOptions struct {
|
|||
|
||||
// CreateUser creates record of a new user.
|
||||
func CreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
|
||||
return createUser(ctx, u, false, overwriteDefault...)
|
||||
}
|
||||
|
||||
// AdminCreateUser is used by admins to manually create users
|
||||
func AdminCreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
|
||||
return createUser(ctx, u, true, overwriteDefault...)
|
||||
}
|
||||
|
||||
// createUser creates record of a new user.
|
||||
func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
|
||||
if err = IsUsableUsername(u.Name); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -651,8 +661,14 @@ func CreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOve
|
|||
return err
|
||||
}
|
||||
|
||||
if err := ValidateEmail(u.Email); err != nil {
|
||||
return err
|
||||
if createdByAdmin {
|
||||
if err := ValidateEmailForAdmin(u.Email); err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
if err := ValidateEmail(u.Email); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
ctx, committer, err := db.TxContext(ctx)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue