Commit 03497fbd authored by dcouture's avatar dcouture Committed by Dominic Couture

Do not show email address in error message

Changelog: security
EE: true
parent a69703a9
...@@ -96,8 +96,8 @@ module EE ...@@ -96,8 +96,8 @@ module EE
end end
def email_does_not_match_any_allowed_domains(email) def email_does_not_match_any_allowed_domains(email)
n_("email '%{email}' does not match the allowed domain of %{email_domains}", "email '%{email}' does not match the allowed domains: %{email_domains}", group_allowed_email_domains.size) % n_("email does not match the allowed domain of %{email_domains}", "email does not match the allowed domains: %{email_domains}", group_allowed_email_domains.size) %
{ email: email, email_domains: group_allowed_email_domains.map(&:domain).join(', ') } { email_domains: group_allowed_email_domains.map(&:domain).join(', ') }
end end
def email_not_verified def email_not_verified
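Review bot: The neighbouring `email_not_verified` error appears to still embed the address, because the locale section of this commit leaves `msgid "email '%{email}' is not a verified email."` unchanged. The body of `email_not_verified` lies outside this hunk, so this is inferred from the locale string; if that message can reach the person adding the member, it would disclose the user's email the same way the domain message did, and `'%{email}'` should be dropped from it as well. Separately, the `email` argument of `email_does_not_match_any_allowed_domains(email)` is no longer used now that the format hash is `{ email_domains: ... }`. Rename it to `_email`, or remove it together with its callers, which are not visible here.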
......
...@@ -34,7 +34,7 @@ RSpec.describe GroupMember do ...@@ -34,7 +34,7 @@ RSpec.describe GroupMember do
group_member = build(:group_member, group: group, user: gmail_user) group_member = build(:group_member, group: group, user: gmail_user)
expect(group_member).to be_invalid expect(group_member).to be_invalid
expect(group_member.errors[:user]).to include("email 'test@gmail.com' does not match the allowed domains: gitlab.com, acme.com") expect(group_member.errors[:user]).to include("email does not match the allowed domains: gitlab.com, acme.com")
end end
it 'shows proper error message for single domain limitation' do it 'shows proper error message for single domain limitation' do
...@@ -42,7 +42,7 @@ RSpec.describe GroupMember do ...@@ -42,7 +42,7 @@ RSpec.describe GroupMember do
group_member = build(:group_member, group: group, user: gmail_user) group_member = build(:group_member, group: group, user: gmail_user)
expect(group_member).to be_invalid expect(group_member).to be_invalid
expect(group_member.errors[:user]).to include("email 'test@gmail.com' does not match the allowed domain of gitlab.com") expect(group_member.errors[:user]).to include("email does not match the allowed domain of gitlab.com")
end end
it 'invited email must match at least one of the allowed domain emails' do it 'invited email must match at least one of the allowed domain emails' do
......
...@@ -53,7 +53,7 @@ RSpec.describe Groups::GroupMembersController do ...@@ -53,7 +53,7 @@ RSpec.describe Groups::GroupMembersController do
it 'returns error message' do it 'returns error message' do
subject subject
expect(json_response).to eq({ 'message' => "User email 'test@gmail.com' does not match the allowed domain of gitlab.com" }) expect(json_response).to eq({ 'message' => "User email does not match the allowed domain of gitlab.com" })
end end
end end
end end
......
...@@ -38648,14 +38648,14 @@ msgstr "" ...@@ -38648,14 +38648,14 @@ msgstr ""
msgid "element is not a hierarchy" msgid "element is not a hierarchy"
msgstr "" msgstr ""
msgid "email '%{email}' does not match the allowed domain of %{email_domains}"
msgid_plural "email '%{email}' does not match the allowed domains: %{email_domains}"
msgstr[0] ""
msgstr[1] ""
msgid "email '%{email}' is not a verified email." msgid "email '%{email}' is not a verified email."
msgstr "" msgstr ""
msgid "email does not match the allowed domain of %{email_domains}"
msgid_plural "email does not match the allowed domains: %{email_domains}"
msgstr[0] ""
msgstr[1] ""
msgid "enabled" msgid "enabled"
msgstr "" msgstr ""
......
...@@ -44,8 +44,7 @@ describe('Vuex members mutations', () => { ...@@ -44,8 +44,7 @@ describe('Vuex members mutations', () => {
describe('when error has a message', () => { describe('when error has a message', () => {
it('shows error message', () => { it('shows error message', () => {
const error = new Error('Request failed with status code 422'); const error = new Error('Request failed with status code 422');
const message = const message = 'User email does not match the allowed domain of example.com';
'User email "john.smith@gmail.com" does not match the allowed domain of example.com';
error.response = { error.response = {
data: { message }, data: { message },
...@@ -88,8 +87,7 @@ describe('Vuex members mutations', () => { ...@@ -88,8 +87,7 @@ describe('Vuex members mutations', () => {
describe('when error has a message', () => { describe('when error has a message', () => {
it('shows error message', () => { it('shows error message', () => {
const error = new Error('Request failed with status code 422'); const error = new Error('Request failed with status code 422');
const message = const message = 'User email does not match the allowed domain of example.com';
'User email "john.smith@gmail.com" does not match the allowed domain of example.com';
error.response = { error.response = {
data: { message }, data: { message },
......