Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Skip email domain check when admin users adds user manually #29522

Merged
merged 12 commits into from
Mar 5, 2024
Merged

Skip email domain check when admin users adds user manually #29522

merged 12 commits into from
Mar 5, 2024

Conversation

Zettat123
Copy link
Contributor

@Zettat123 Zettat123 commented Mar 1, 2024
edited
Loading

Fix #27457

Administrators should be able to manually create any user even if the user's email address is not in EMAIL_DOMAIN_ALLOWLIST.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 1, 2024
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 1, 2024
@github-actions github-actions bot added the modifies/api This PR adds API routes or modifies them label Mar 4, 2024
@pull-request-size pull-request-size bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Mar 4, 2024
@Zettat123 Zettat123 marked this pull request as ready for review March 4, 2024 09:54
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Mar 5, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 5, 2024
@lunny lunny added backport/v1.21 This PR should be backported to Gitea 1.21 reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Mar 5, 2024
@lunny lunny enabled auto-merge (squash) March 5, 2024 05:43
@lunny lunny merged commit 4fd9c56 into go-gitea:main Mar 5, 2024
26 checks passed
@GiteaBot GiteaBot added this to the 1.23.0 milestone Mar 5, 2024
@GiteaBot
Copy link
Contributor

GiteaBot commented Mar 5, 2024

I was unable to create a backport for 1.21. @Zettat123, please send one manually. 🍵

go run ./contrib/backport 29522
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added backport/manual No power to the bots! Create your backport yourself! and removed reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. labels Mar 5, 2024
Zettat123 added a commit to Zettat123/gitea that referenced this pull request Mar 5, 2024
@Zettat123
Skip email domain check when admin users adds user manually (go-gitea…
421a76f 
…#29522)

Fix go-gitea#27457

Administrators should be able to manually create any user even if the
user's email address is not in `EMAIL_DOMAIN_ALLOWLIST`.
@Zettat123 Zettat123 mentioned this pull request Mar 5, 2024
Closed
@lunny lunny added the backport/done All backports for this PR have been created label Mar 5, 2024
@Zettat123 Zettat123 mentioned this pull request Mar 5, 2024
Merged
@Zettat123 Zettat123 removed the backport/done All backports for this PR have been created label Mar 5, 2024
@Zettat123
Copy link
Contributor Author

Zettat123 commented Mar 5, 2024
edited
Loading

In v1.21 the ValidateUser also calls ValidateEmail. Maybe we need to change more code if we need to backport

gitea/models/user/user.go

Lines 802 to 817 in 4ef7e49

// ValidateUser check if user is valid to insert / update into database
func ValidateUser(u *User, cols ...string) error {
if len(cols) == 0 || util.SliceContainsString(cols, "visibility", true) {
if !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(u.Visibility) && !u.IsOrganization() {
return fmt.Errorf("visibility Mode not allowed: %s", u.Visibility.String())
}
}
if len(cols) == 0 || util.SliceContainsString(cols, "email", true) {
u.Email = strings.ToLower(u.Email)
if err := ValidateEmail(u.Email); err != nil {
return err
}
}
return nil
}

UPDATE: It's difficult to modify ValidateUser so this PR won't be backported

lunny pushed a commit that referenced this pull request Mar 5, 2024
@Zettat123
Skip email domain check when admins edit user emails (#29609)
136dd99 
Follow #29522

Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`
zjjhot added a commit to zjjhot/gitea that referenced this pull request Mar 6, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
810335f 
* giteaofficial/main:
  Run editorconfig-checker on `locale_en-US.ini` (go-gitea#29608)
  bump protobuf module (go-gitea#29617)
  Add ac claim for old docker/build-push-action@v3 / current buildx gha cache (go-gitea#29584)
  Skip email domain check when admins edit user emails (go-gitea#29609)
  Improve natural sort (go-gitea#29611)
  Add empty repo check in `DetectAndHandleSchedules` (go-gitea#29606)
  Fix contributor graphs mobile layout and responsiveness (go-gitea#29597)
  Skip email domain check when admin users adds user manually (go-gitea#29522)
  Replace more `gt-` with `tw-`, update frontend docs (go-gitea#29595)
  Remove unnecessary ctxData for "attachments" template (go-gitea#29600)
  Adjust tailwind content globs (go-gitea#29596)
  Use flex wrap to layout the PR update button (go-gitea#29590)
  Make "/user/login" page redirect if the current user has signed in (go-gitea#29583)
  [skip ci] Updated translations via Crowdin
  Fix projects mode bugs (go-gitea#29593)
  Regenerate fomantic lockfile and build it with our browserslist (go-gitea#29560)
  Do not exceed display for the PR page buttons on smaller screens (go-gitea#29418)
  Add aria-label to the navbar menu button (go-gitea#29587)
@Zettat123 Zettat123 removed backport/manual No power to the bots! Create your backport yourself! backport/v1.21 This PR should be backported to Gitea 1.21 labels Mar 8, 2024
@Zettat123 Zettat123 mentioned this pull request Mar 8, 2024
Merged
@lunny lunny modified the milestones: 1.23.0, 1.22.0 Mar 8, 2024
lunny pushed a commit that referenced this pull request Mar 11, 2024
@Zettat123
Add a warning for disallowed email domains (#29658)
4129e0e 
Resolve #29660

Follow #29522 and #29609

Add a warning for disallowed email domains when admins manually add/edit
users.

Thanks @yp05327 for the
[comment](#29605 (comment))

![image](https://github.com/go-gitea/gitea/assets/15528715/6737b221-a3a2-4180-9ef8-b846c10f96e0)
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 16, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@wxiaoguang wxiaoguang wxiaoguang approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them size/L Denotes a PR that changes 100-499 lines, ignoring generated files. type/bug
Projects
None yet
Milestone
1.22.0
Development

Successfully merging this pull request may close these issues.

Admin user registration and EMAIL_DOMAIN_ALLOWLIST
4 participants
@Zettat123 @GiteaBot @lunny @wxiaoguang