From 9533d8a5aaccf61bd4b6be01c583a8841a75e28a Mon Sep 17 00:00:00 2001 From: Khanh Ngo Date: Sun, 22 Dec 2019 09:19:35 +0700 Subject: [PATCH] Adjustment in user profile email - Don't allow to update to new email address that currently used by another user - Reset the confirmed status if verify_user_email setting is enabled --- powerdnsadmin/models/user.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/powerdnsadmin/models/user.py b/powerdnsadmin/models/user.py index 70ed111..8045b35 100644 --- a/powerdnsadmin/models/user.py +++ b/powerdnsadmin/models/user.py @@ -508,11 +508,25 @@ class User(db.Model): user.firstname = self.firstname if self.firstname else user.firstname user.lastname = self.lastname if self.lastname else user.lastname - user.email = self.email if self.email else user.email user.password = self.get_hashed_password( self.plain_text_password).decode( "utf-8") if self.plain_text_password else user.password + if self.email: + # Can not update to a new email that + # already been used. + existing_email = User.query.filter( + User.email == self.email, + User.username != self.username).first() + if existing_email: + return False + # If need to verify new email, + # update the "confirmed" status. + if user.email != self.email: + user.email = self.email + if Setting().get('verify_user_email'): + user.confirmed = 0 + if enable_otp is not None: user.otp_secret = ""