Skip to content

Commit

Permalink
Check primary email address fields on CreateUser (#556)
Browse files Browse the repository at this point in the history 
* Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.

* Update user.go

* Lower the email first. Then check
  • Loading branch information
@lunny
Berk Demirkır authored and lunny committed Jan 5, 2017
1 parent 1207bda commit bdad3b2
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions models/user.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -600,6 +600,15 @@ func CreateUser(u *User) (err error) {
}

u.Email = strings.ToLower(u.Email)
has, err := x.
Where("email=?", u.Email).
Get(new(User))
if err != nil {
return err
} else if has {
return ErrEmailAlreadyUsed{u.Email}
}

isExist, err = IsEmailUsed(u.Email)
if err != nil {
return err
Expand Down

0 comments on commit bdad3b2

Please sign in to comment.