Add latest changes from gitlab-org/gitlab@14-8-stable-eev14.8.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-18 12:45:46 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-02-18 12:45:46 +0300
commit: a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch)
tree: 7452bd5c3545c2fa67a28aa013835fb4fa071baf /lib/gitlab/email
parent: ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/gitlab/email/handler/create_note_handler.rb b/lib/gitlab/email/handler/create_note_handler.rb
index 4fa2fe1724e..b168efaac11 100644
--- a/lib/gitlab/email/handler/create_note_handler.rb
+++ b/lib/gitlab/email/handler/create_note_handler.rb
@@ -24,6 +24,8 @@ module Gitlab
 
           validate_permission!(:create_note)
 
+          validate_from_address!
+
           raise NoteableNotFoundError unless noteable
           raise EmptyEmailError if note_message.blank?
 
@@ -56,6 +58,17 @@ module Gitlab
 
           message_with_appended_reply
         end
+
+        def from_address
+          mail.from&.first
+        end
+
+        def validate_from_address!
+          # Recipieint is always set to Support bot for ServiceDesk issues so we should exclude those.
+          return if author == User.support_bot
+
+          raise UserNotFoundError unless from_address && author.verified_email?(from_address)
+        end
       end
     end
   end
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-18 12:45:46 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-02-18 12:45:46 +0300
commit	a7b3560714b4d9cc4ab32dffcd1f74a284b93580 (patch)
tree	7452bd5c3545c2fa67a28aa013835fb4fa071baf /lib/gitlab/email
parent	ee9173579ae56a3dbfe5afe9f9410c65bb327ca7 (diff)