Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 18:41:13 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2020-05-26 18:41:13 +0300
commit: 1e61fc763e645038f2da69fc9af6fe166a6b101a (patch)
tree: 76053795a637d056347c1891d98935c0361a331d /app/models/notification_setting.rb
parent: 57b9b49b27a730294ae37d2ac25cab943f4b801d (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/app/models/notification_setting.rb b/app/models/notification_setting.rb
index 38bd95e6a20..c8c1f47c182 100644
--- a/app/models/notification_setting.rb
+++ b/app/models/notification_setting.rb
@@ -14,6 +14,7 @@ class NotificationSetting < ApplicationRecord
   validates :user_id, uniqueness: { scope: [:source_type, :source_id],
                                     message: "already exists in source",
                                     allow_nil: true }
+  validate :owns_notification_email, if: :notification_email_changed?
 
   scope :for_groups, -> { where(source_type: 'Namespace') }
 
@@ -97,6 +98,13 @@ class NotificationSetting < ApplicationRecord
   def event_enabled?(event)
     respond_to?(event) && !!public_send(event) # rubocop:disable GitlabSecurity/PublicSend
   end
+
+  def owns_notification_email
+    return if user.temp_oauth_email?
+    return if notification_email.empty?
+
+    errors.add(:notification_email, _("is not an email you own")) unless user.verified_emails.include?(notification_email)
+  end
 end
 
 NotificationSetting.prepend_if_ee('EE::NotificationSetting')
author	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 18:41:13 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2020-05-26 18:41:13 +0300
commit	1e61fc763e645038f2da69fc9af6fe166a6b101a (patch)
tree	76053795a637d056347c1891d98935c0361a331d /app/models/notification_setting.rb
parent	57b9b49b27a730294ae37d2ac25cab943f4b801d (diff)