Skip to content

Commit

Permalink
MDL-51945 core_user: Prevent duplicated emails in update_users WS
Browse files Browse the repository at this point in the history
  • Loading branch information
jleyva committed Oct 30, 2017
1 parent 40f1801 commit 8c4d7ce
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 0 deletions.
10 changes: 10 additions & 0 deletions user/externallib.php
Original file line number Diff line number Diff line change
Expand Up @@ -547,6 +547,16 @@ public static function update_users($users) {
if ($existinguser->deleted or is_mnet_remote_user($existinguser) or isguestuser($existinguser->id)) {
continue;
}
// Check duplicated emails.
if (isset($user['email']) && $user['email'] !== $existinguser->email) {
if (!validate_email($user['email'])) {
continue;
} else if (empty($CFG->allowaccountssameemail) &&
$DB->record_exists('user', array('email' => $user['email'], 'mnethostid' => $CFG->mnet_localhost_id))) {
continue;
}
}

user_update_user($user, true, false);

// Update user picture if it was specified for this user.
Expand Down
25 changes: 25 additions & 0 deletions user/tests/externallib_test.php
Original file line number Diff line number Diff line change
Expand Up @@ -676,6 +676,31 @@ public function test_update_users() {
core_user_external::update_users(array($user1));
}

/**
* Test update_users using duplicated email.
*/
public function test_update_users_duplicated_email() {
global $DB, $CFG;

$this->resetAfterTest(true);
$this->setAdminUser();

$user1 = self::getDataGenerator()->create_user();
$user2 = self::getDataGenerator()->create_user();
$user2toupdate = array(
'id' => $user2->id,
'email' => $user1->email,
);
// E-mail duplicated not allowed.
$CFG->allowaccountssameemail = 0;
core_user_external::update_users(array($user2toupdate));
$this->assertNotEquals($user1->email, $DB->get_field('user', 'email', array('id' => $user2->id)));
// E-mail duplicated allowed.
$CFG->allowaccountssameemail = 1;
core_user_external::update_users(array($user2toupdate));
$this->assertEquals($user1->email, $DB->get_field('user', 'email', array('id' => $user2->id)));
}

/**
* Test add_user_private_files
*/
Expand Down

0 comments on commit 8c4d7ce

Please sign in to comment.