FIX: Do not add same email multiple times (#12322)

The user and an admin could create multiple email change requests for
the same user. If any of the requests was validated and it became
primary, the other request could not be deleted anymore.
Bianca Nenciu
2021-03-10 14:49:26 +02:00
committed by GitHub
parent 92ad2182f5
commit 9bd436c20b
4 changed files with 30 additions and 12 deletions


@ -283,17 +283,14 @@ class UsersController < ApplicationController
user = fetch_user_from_params
guardian.ensure_can_edit!(user)
user_email = user.user_emails.find_by(email: params[:email])
if user_email&.primary
return render json: failed_json, status: 428
end
ActiveRecord::Base.transaction do
if user_email
user_email.destroy
if email = user.user_emails.find_by(email: params[:email], primary: false)
email.destroy
DiscourseEvent.trigger(:user_updated, user)
elsif
user.email_change_requests.where(new_email: params[:email]).destroy_all
elsif change_requests = user.email_change_requests.where(new_email: params[:email]).presence
change_requests.destroy_all
else
return render json: failed_json, status: 428
end
if current_user.staff? && current_user != user
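Review bot: The new `else` branch calls `return render json: failed_json, status: 428` from inside the `ActiveRecord::Base.transaction do` block. Rails 6.1 deprecated leaving a transaction block with `return`, and later releases changed whether such an exit commits or rolls back, so this path depends on the framework version even though nothing has been written at that point. Resolving both lookups before the transaction leaves only the destroys inside it: `email = user.user_emails.find_by(email: params[:email], primary: false)`, `change_requests = user.email_change_requests.where(new_email: params[:email])`, `return render json: failed_json, status: 428 if email.nil? && change_requests.empty?`. The action starts above the hunk and the `if current_user.staff? && current_user != user` block continues below it. If a confirmation link has already been mailed for a pending request, the hunk does not show whether `destroy_all` also invalidates it, which is worth confirming.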