Item14506: More password and email change work

If an email is filtered during registration, preventing it's use, then the set email function should apply the same constraints. Also, if the system is configured to prevent duplicate email addresses, then the set email should also honor this restriction. Make sure that the REST handler cannot set the email for base accounts. Rework the unit tests to cover these conditions.
foswiki · Jan 12, 2018 · d008d5d · d008d5d
1 parent 4cada06
commit d008d5d
Show file tree

Hide file tree

Showing 4 changed files with 258 additions and 190 deletions.
diff --git a/PasswordManagementPlugin/lib/Foswiki/Plugins/PasswordManagementPlugin/Core.pm b/PasswordManagementPlugin/lib/Foswiki/Plugins/PasswordManagementPlugin/Core.pm
@@ -632,9 +632,19 @@ sub _RESTchangeEmail {
         throw Foswiki::OopsException(
             'password',
             status => 200,
-            topic  => $Foswiki::cfg{hometopicname},
+            topic  => $Foswiki::cfg{HomeTopicName},
             def    => 'not_a_user',
-            params => [$user],
+            params => [$login],
+        );
+    }
+
+    if ( $users->isInUserList( $user, \@notsupported ) ) {
+        throw Foswiki::OopsException(
+            'password',
+            status => 200,
+            topic  => $Foswiki::cfg{HomeTOpicName},
+            def    => 'no_change_base',
+            params => [$login],
         );
     }
 
@@ -688,6 +698,41 @@ sub _RESTchangeEmail {
         );
     }
 
+    # Optional check if email address is already registered
+    if ( $Foswiki::cfg{Register}{UniqueEmail} ) {
+        my @existingNames = Foswiki::Func::emailToWikiNames($email);
+        if ( scalar(@existingNames) ) {
+            $session->logger->log( 'warning',
+                "Email change rejected: $email already registered by: "
+                  . join( ', ', @existingNames ) );
+            throw Foswiki::OopsException(
+                'password',
+                web    => $webName,
+                topic  => $topic,
+                def    => 'dup_email',
+                params => [$email]
+            );
+        }
+    }
+
+    my $emailFilter;
+    $emailFilter = qr/$Foswiki::cfg{Register}{EmailFilter}/ix
+      if ( length( $Foswiki::cfg{Register}{EmailFilter} ) );
+    if ( defined $emailFilter
+        && $email =~ $emailFilter )
+    {
+        $session->logger->log( 'warning',
+"Email change rejected: $email rejected by the {Register}{EmailFilter}."
+        );
+        throw Foswiki::OopsException(
+            'password',
+            def    => 'rej_email',
+            web    => $webname,
+            topic  => $topic,
+            params => [$email]
+        );
+    }
+
     if ( defined $email ) {
 
         my $oldEmails = join( ', ', $users->getEmails($cUID) );

diff --git a/PasswordManagementPlugin/templates/passwordmessages.tmpl b/PasswordManagementPlugin/templates/passwordmessages.tmpl
@@ -45,6 +45,26 @@
 ---+++ %MAKETEXT{"Password reset failed"}%
 %MAKETEXT{"Multiple users share the entered email address. Please used your !WikiName to reset your password."}%
 
+%MAKETEXT{"Please go back in your browser and try again."}%
+%TMPL:END%
+%{==============================================================================}%
+%TMPL:DEF{"rej_email"}%
+---+++ %MAKETEXT{"Invalid e-mail address"}%
+%MAKETEXT{"The requested e-mail address has been rejected by system filters."}%
+
+%PARAM1%
+
+%MAKETEXT{"Please go back in your browser and try again."}%
+%TMPL:END%
+%{==============================================================================}%
+%TMPL:DEF{"dup_email"}%
+---+++ %MAKETEXT{"Invalid e-mail address"}%
+%MAKETEXT{"The new e-mail address that you requested is already registered to another user."}%
+
+%MAKETEXT{"Please contact [_1] if you need assistance." args="%WIKIWEBMASTER%"}%
+
+%PARAM1%
+
 %MAKETEXT{"Please go back in your browser and try again."}%
 %TMPL:END%
 %{==============================================================================}%
@@ -75,15 +95,6 @@
 
 %PARAM1%
 
-%MAKETEXT{"Please go back in your browser and try again."}%
-%TMPL:END%
-%{==============================================================================}%
-%TMPL:DEF{"rej_email"}%
----+++ %MAKETEXT{"Invalid e-mail address"}%
-%MAKETEXT{"The e-mail address for this account has been rejected."}%
-
-%PARAM1%
-
 %MAKETEXT{"Please go back in your browser and try again."}%
 %TMPL:END%
 %{==============================================================================}%
@@ -170,8 +181,3 @@
 
 *[[%USERSWEB%.%HOMETOPIC%][%MAKETEXT{"OK"}%]]*
 %TMPL:END%
-%{==============================================================================}%
-%TMPL:DEF{"user_param_required"}%
----+++ %MAKETEXT{"User Account was not supplied"}%
-%MAKETEXT{"Return to [_1] and supply a [[[_2]][WikiName]] or [[[_3]][username]]." args="[[%WEB%.%TOPIC%]], %SYSTEMWEB%.WikiName, %SYSTEMWEB%.UserName"}%
-%TMPL:END%