Merge pull request #5469 from tgxworld/add_guard_to_prevent_primary_email_from_being_reassigned

FIX: Add guard to prevent a primary `UserEmail` from being reassigned.
This commit is contained in:
Guo Xiang Tan 2018-01-09 13:35:08 +08:00 committed by GitHub
commit e90187cbf7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 0 deletions

View File

@ -12,6 +12,8 @@ class UserEmail < ActiveRecord::Base
validates :email, email: true, format: { with: EmailValidator.email_regex }, validates :email, email: true, format: { with: EmailValidator.email_regex },
if: :validate_email? if: :validate_email?
validate :user_id_not_changed, if: :primary
validates :primary, uniqueness: { scope: [:user_id] } validates :primary, uniqueness: { scope: [:user_id] }
private private
@ -27,6 +29,14 @@ class UserEmail < ActiveRecord::Base
return false if self.skip_validate_email return false if self.skip_validate_email
email_changed? email_changed?
end end
def user_id_not_changed
if self.will_save_change_to_user_id? && self.persisted?
self.errors.add(:user_id, I18n.t(
'active_record.errors.model.user_email.attributes.user_id.reassigning_primary_email')
)
end
end
end end
# == Schema Information # == Schema Information

View File

@ -403,6 +403,10 @@ en:
unique_characters: "has too many repeated characters. Please use a more secure password." unique_characters: "has too many repeated characters. Please use a more secure password."
ip_address: ip_address:
signup_not_allowed: "Signup is not allowed from this account." signup_not_allowed: "Signup is not allowed from this account."
user_email:
attributes:
user_id:
reassigning_primary_email: "Reassigning a primary email to another user is not allowed."
color_scheme_color: color_scheme_color:
attributes: attributes:
hex: hex:

View File

@ -37,6 +37,18 @@ describe User do
expect(user.errors.messages).to include(:primary_email) expect(user.errors.messages).to include(:primary_email)
end end
end end
describe 'when primary_email is being reassigned to another user' do
it "should not be valid" do
user2 = Fabricate.build(:user, email: nil)
user.save!
user2.primary_email = user.primary_email
expect(user2).to_not be_valid
expect(user2.errors.messages).to include(:primary_email)
expect(user2.primary_email.errors.messages).to include(:user_id)
end
end
end end
end end