
Commit 3a1f937

authored
fix: require email to be verified before making it primary (#68897)
Make sure the `username` is one of the user's verified email addresses before making it the primary email.
1 parent 6ee0e1b commit 3a1f937


2 files changed

+23
-0
lines changed


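--- a/src/sentry/api/endpoints/user_details.py
+++ b/src/sentry/api/endpoints/user_details.py
@@ -26,6 +26,7 @@
 from sentry.models.organizationmapping import OrganizationMapping
 from sentry.models.organizationmembermapping import OrganizationMemberMapping
 from sentry.models.user import User
+from sentry.models.useremail import UserEmail
 from sentry.services.hybrid_cloud.organization import organization_service
 from sentry.services.hybrid_cloud.organization.model import RpcOrganizationDeleteState
 from sentry.services.hybrid_cloud.user.serial import serialize_generic_user
@@ -184,6 +185,13 @@ def put(self, request: Request, user) -> Response:
         :param string default_issue_event: Event displayed by default, "recommended", "latest" or "oldest"
         :auth: required
         """
+        if "username" in request.data:
+            verified_email_found = UserEmail.objects.filter(
+                user_id=user.id, email=request.data["username"], is_verified=True
+            ).exists()
+            if not verified_email_found:
+                return Response({"detail": "Verified email address is not found."}, status=400)
+
         # We want to prevent superusers from setting users to superuser or staff
         # because this is only done through _admin. This will always be enforced
         # once the feature flag is removed.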
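Review bot: The new guard at the top of `put` decides by an exact `email=request.data["username"]` match scoped to `user_id=user.id`, so a username that differs from the stored verified address only in letter case is rejected with the 400; whether that is intended depends on how UserEmail normalises addresses on save, which is not visible here. The docstring that ends just above the guard should state the new requirement, e.g. `:param string username: must match one of this user's verified email addresses`. The error is returned as a hand-built `{"detail": ...}` body and before any serializer validation runs, which presumably differs from the field-keyed error shape the rest of `put` produces; worth confirming API clients can handle both. The body of `put` continues past the hunk.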

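--- a/tests/sentry/api/endpoints/test_user_details.py
+++ b/tests/sentry/api/endpoints/test_user_details.py
@@ -166,6 +166,7 @@ def test_change_username_when_different(self):
         user = self.create_user(email="c@example.com", username="diff@example.com")
         self.login_as(user=user, superuser=False)
 
+        self.create_useremail(user, "new@example.com", is_verified=True)
         self.get_success_response("me", username="new@example.com")
 
         user = User.objects.get(id=user.id)
@@ -179,13 +180,27 @@ def test_change_username_when_same(self):
         user = self.create_user(email="c@example.com", username="c@example.com")
         self.login_as(user=user)
 
+        self.create_useremail(user, "new@example.com", is_verified=True)
         self.get_success_response("me", username="new@example.com")
 
         user = User.objects.get(id=user.id)
 
         assert user.email == "new@example.com"
         assert user.username == "new@example.com"
 
+    def test_cannot_change_username_to_non_verified(self):
+        user = self.create_user(email="c@example.com", username="c@example.com")
+        self.login_as(user=user)
+
+        self.create_useremail(user, "new@example.com", is_verified=False)
+        resp = self.get_error_response("me", username="new@example.com", status_code=400)
+        assert resp.data["detail"] == "Verified email address is not found."
+
+        user = User.objects.get(id=user.id)
+
+        assert user.email == "c@example.com"
+        assert user.username == "c@example.com"
+
 
 @control_silo_test
 class UserDetailsSuperuserUpdateTest(UserDetailsTest):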
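Review bot: The new `test_cannot_change_username_to_non_verified` only covers an unverified address on the caller's own account; the more important property of the fix, that an address verified on a different account (or never registered at all) is rejected because the lookup is scoped to `user_id`, has no test. A sibling test in the same shape would pin that behaviour; if `create_user` already registers the address as a UserEmail in this fixture, the explicit `create_useremail` line for the other user can be dropped.
```python
    def test_cannot_change_username_to_another_users_verified_email(self):
        user = self.create_user(email="c@example.com", username="c@example.com")
        other = self.create_user(email="other@example.com", username="other@example.com")
        self.create_useremail(other, "other@example.com", is_verified=True)
        self.login_as(user=user)

        resp = self.get_error_response("me", username="other@example.com", status_code=400)
        assert resp.data["detail"] == "Verified email address is not found."

        user = User.objects.get(id=user.id)
        assert user.email == "c@example.com"
        assert user.username == "c@example.com"
```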
