go-gitea · lunny · Mar 5, 2024 · Mar 1, 2024 · Mar 4, 2024 · Mar 4, 2024
diff --git a/models/user/email_address.go b/models/user/email_address.go
@@ -155,7 +155,7 @@ func UpdateEmailAddress(ctx context.Context, email *EmailAddress) error {
 var emailRegexp = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+-/=?^_`{|}~]*@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
 
 // ValidateEmail check if email is a allowed address
-func ValidateEmail(email string) error {
+func ValidateEmail(email string, skipDomainCheck bool) error {
 	if len(email) == 0 {
 		return ErrEmailInvalid{email}
 	}
@@ -172,16 +172,18 @@ func ValidateEmail(email string) error {
 		return ErrEmailInvalid{email}
 	}
 
-	// if there is no allow list, then check email against block list
-	if len(setting.Service.EmailDomainAllowList) == 0 &&
-		validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
-		return ErrEmailInvalid{email}
-	}
+	if !skipDomainCheck {
+		// if there is no allow list, then check email against block list
+		if len(setting.Service.EmailDomainAllowList) == 0 &&
+			validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
+			return ErrEmailInvalid{email}
+		}
 
-	// if there is an allow list, then check email against allow list
-	if len(setting.Service.EmailDomainAllowList) > 0 &&
-		!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
-		return ErrEmailInvalid{email}
+		// if there is an allow list, then check email against allow list
+		if len(setting.Service.EmailDomainAllowList) > 0 &&
+			!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
+			return ErrEmailInvalid{email}
+		}
 	}
 
 	return nil

diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go
@@ -206,7 +206,7 @@ func TestEmailAddressValidate(t *testing.T) {
 	}
 	for kase, err := range kases {
 		t.Run(kase, func(t *testing.T) {
-			assert.EqualValues(t, err, user_model.ValidateEmail(kase))
+			assert.EqualValues(t, err, user_model.ValidateEmail(kase, false))
 		})
 	}
 }
diff --git a/models/user/user.go b/models/user/user.go
@@ -639,7 +639,7 @@ func CreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUserOve
 		return err
 	}
 
-	if err := ValidateEmail(u.Email); err != nil {
+	if err := ValidateEmail(u.Email, false); err != nil {
 		return err
 	}
 

diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
@@ -710,7 +710,7 @@ func ActivatePost(ctx *context.Context) {
 	if code == "" {
 		newEmail := strings.TrimSpace(ctx.FormString("change_email"))
 		if ctx.Doer != nil && newEmail != "" && !strings.EqualFold(ctx.Doer.Email, newEmail) {
-			if user_model.ValidateEmail(newEmail) != nil {
+			if user_model.ValidateEmail(newEmail, false) != nil {
 				ctx.Flash.Error(ctx.Locale.Tr("form.email_invalid"), true)
 				renderActivationChangeEmail(ctx)
 				return

diff --git a/routers/web/org/teams.go b/routers/web/org/teams.go
@@ -131,7 +131,7 @@ func TeamsAction(ctx *context.Context) {
 		u, err = user_model.GetUserByName(ctx, uname)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
-				if setting.MailService != nil && user_model.ValidateEmail(uname) == nil {
+				if setting.MailService != nil && user_model.ValidateEmail(uname, false) == nil {
 					if err := org_service.CreateTeamInvite(ctx, ctx.Doer, ctx.Org.Team, uname); err != nil {
 						if org_model.IsErrTeamInviteAlreadyExist(err) {
 							ctx.Flash.Error(ctx.Tr("form.duplicate_invite_to_team"))

diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
@@ -39,13 +39,13 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 	if idx > -1 {
 		username = pamLogin[:idx]
 	}
-	if user_model.ValidateEmail(email) != nil {
+	if user_model.ValidateEmail(email, false) != nil {
 		if source.EmailDomain != "" {
 			email = fmt.Sprintf("%s@%s", username, source.EmailDomain)
 		} else {
 			email = fmt.Sprintf("%s@%s", username, setting.Service.NoReplyAddress)
 		}
-		if user_model.ValidateEmail(email) != nil {
+		if user_model.ValidateEmail(email, false) != nil {
 			email = uuid.New().String() + "@localhost"
 		}
 	}

diff --git a/services/doctor/breaking.go b/services/doctor/breaking.go
@@ -39,7 +39,7 @@ func checkUserEmail(ctx context.Context, logger log.Logger, _ bool) error {
 			return nil
 		}
 
-		if err := user.ValidateEmail(u.Email); err != nil {
+		if err := user.ValidateEmail(u.Email, false); err != nil {
 			invalidUserCount++
 			logger.Warn("User[id=%d name=%q] have not a valid e-mail: %v", u.ID, u.Name, err)
 		}

diff --git a/services/user/email.go b/services/user/email.go
@@ -19,7 +19,7 @@ func AddOrSetPrimaryEmailAddress(ctx context.Context, u *user_model.User, emailS
 		return nil
 	}
 
-	if err := user_model.ValidateEmail(emailStr); err != nil {
+	if err := user_model.ValidateEmail(emailStr, false); err != nil {
 		return err
 	}
 
@@ -72,7 +72,7 @@ func ReplacePrimaryEmailAddress(ctx context.Context, u *user_model.User, emailSt
 		return nil
 	}
 
-	if err := user_model.ValidateEmail(emailStr); err != nil {
+	if err := user_model.ValidateEmail(emailStr, false); err != nil {
 		return err
 	}
 
@@ -117,7 +117,7 @@ func ReplacePrimaryEmailAddress(ctx context.Context, u *user_model.User, emailSt
 
 func AddEmailAddresses(ctx context.Context, u *user_model.User, emails []string) error {
 	for _, emailStr := range emails {
-		if err := user_model.ValidateEmail(emailStr); err != nil {
+		if err := user_model.ValidateEmail(emailStr, false); err != nil {
 			return err
 		}