opendev/gerrit
Code Issues Proposed changes

Require preferred email to be a verified address

Browse Source 
Warn the user if they attempt to select a preferred email
address that has not been previously verified and stored in the
account_external_ids table. This reduces the chances the server
will have email notifications bounce because a user subscribed to
changes and entered an invalid preferred email address.

Change-Id: Ib00fc25fb11445968bc4114a2b16ccb08437a699
This commit is contained in:
Shawn Pearce
2013-05-17 09:47:18 -07:00
parent af5d1dc36e
commit 4f6c76e758
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gerrit-httpd/src/main/java/com/google/gerrit/httpd/rpc/account/AccountSecurityImpl.java
View File

@@ -14,6 +14,7 @@
package com.google.gerrit.httpd.rpc.account;
import com.google.common.base.Strings;
import com.google.gerrit.common.ChangeHooks;
import com.google.gerrit.common.data.AccountSecurity;
import com.google.gerrit.common.data.ContributorAgreement;
@@ -22,6 +23,7 @@ import com.google.gerrit.common.errors.InvalidSshKeyException;
import com.google.gerrit.common.errors.NameAlreadyUsedException;
import com.google.gerrit.common.errors.NoSuchEntityException;
import com.google.gerrit.common.errors.NoSuchGroupException;
import com.google.gerrit.common.errors.PermissionDeniedException;
import com.google.gerrit.httpd.rpc.BaseServiceImplementation;
import com.google.gerrit.httpd.rpc.Handler;
import com.google.gerrit.reviewdb.client.Account;
@@ -230,12 +232,17 @@ class AccountSecurityImpl extends BaseServiceImplementation implements
final ContactInformation info, final AsyncCallback<Account> callback) {
run(callback, new Action<Account>() {
public Account run(ReviewDb db) throws OrmException, Failure {
final Account me = db.accounts().get(user.get().getAccountId());
IdentifiedUser self = user.get();
final Account me = db.accounts().get(self.getAccountId());
final String oldEmail = me.getPreferredEmail();
if (realm.allowsEdit(Account.FieldName.FULL_NAME)) {
me.setFullName(name != null && !name.isEmpty() ? name : null);
me.setFullName(Strings.emptyToNull(name));
}
me.setPreferredEmail(emailAddr);
if (!Strings.isNullOrEmpty(emailAddr)
&& !self.getEmailAddresses().contains(emailAddr)) {
throw new Failure(new PermissionDeniedException("Email address must be verified"));
}
me.setPreferredEmail(Strings.emptyToNull(emailAddr));
if (useContactInfo) {
if (ContactInformation.hasAddress(info)
|| (me.isContactFiled() && ContactInformation.hasData(info))) {