diff options
| author | David Pursehouse <david.pursehouse@sonymobile.com> | 2016-02-03 13:24:30 +0900 |
|---|---|---|
| committer | David Pursehouse <david.pursehouse@sonymobile.com> | 2016-02-03 18:23:03 +0900 |
| commit | d84ff8f6ce67af7aae41e3a865f1e04eccba39c8 (patch) | |
| tree | 1d9c2d48c67fc73b35345afef9a66d8487432b04 | |
| parent | e8f99813a7b0f4e2fa9ac0c48702d26047c4d95b (diff) | |
CreateEmail: Don't allow to add email prohibited by sendemail.allowrcpt
If the server configuration includes sendemail.allowrcpt, and the user
attempts to add an email address whose domain is not included, return a
"method not allowed" error.
This check is not done when the calling user has the 'ModifyAccount'
capability and has set the noConfirmation flag on the request. In this
case the email is added without any validation other than that the
email address itself is a valid email address.
Change-Id: Ic83e1f73962dbc4ba76c6ab2c518797fa9d6adeb
| -rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java | 6 | ||||
| -rw-r--r-- | gerrit-server/src/main/java/com/google/gerrit/server/mail/RegisterNewEmailSender.java | 4 |
2 files changed, 9 insertions, 1 deletions
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java index 441213d1e1..700e138a96 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/account/CreateEmail.java @@ -135,7 +135,11 @@ public class CreateEmail implements RestModifyView<AccountResource, Input> { } } else { try { - registerNewEmailFactory.create(email).send(); + RegisterNewEmailSender sender = registerNewEmailFactory.create(email); + if (!sender.isAllowed()) { + throw new MethodNotAllowedException("Not allowed to add email address " + email); + } + sender.send(); info.pendingConfirmation = true; } catch (EmailException | RuntimeException e) { log.error("Cannot send email verification message to " + email, e); diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/mail/RegisterNewEmailSender.java b/gerrit-server/src/main/java/com/google/gerrit/server/mail/RegisterNewEmailSender.java index c24997bc70..1d879724d8 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/mail/RegisterNewEmailSender.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/mail/RegisterNewEmailSender.java @@ -77,4 +77,8 @@ public class RegisterNewEmailSender extends OutgoingEmail { } return emailToken; } + + public boolean isAllowed() { + return args.emailSender.canEmail(addr); + } } |