summaryrefslogtreecommitdiff
path: root/util
diff options
context:
space:
mode:
authorYorhel <git@yorhel.nl>2019-10-03 18:01:17 +0200
committerYorhel <git@yorhel.nl>2019-10-03 18:01:17 +0200
commit5ab9f4c5a7008cf832330fdbc7d5337d768dc8ee (patch)
treea9a1b3b9ee1612fa3dc95962b15501b518ddfcf0 /util
parent3f7769d2ba4047e8766e511b7a42c7aa4721f6f8 (diff)
Disallow changing email address to one already used by another account
Diffstat (limited to 'util')
-rw-r--r--util/sql/func.sql4
-rw-r--r--util/updates/update_20191003b.sql1
2 files changed, 3 insertions, 2 deletions
diff --git a/util/sql/func.sql b/util/sql/func.sql
index 0ffe902d..cdf1b605 100644
--- a/util/sql/func.sql
+++ b/util/sql/func.sql
@@ -769,8 +769,8 @@ CREATE OR REPLACE FUNCTION user_isvalidsession(integer, bytea, session_type) RET
$$ LANGUAGE SQL SECURITY DEFINER;
-CREATE OR REPLACE FUNCTION user_emailexists(text) RETURNS boolean AS $$
- SELECT true FROM users WHERE lower(mail) = lower($1) LIMIT 1
+CREATE OR REPLACE FUNCTION user_emailexists(text, integer) RETURNS boolean AS $$
+ SELECT true FROM users WHERE lower(mail) = lower($1) AND ($2 IS NULL OR id <> $2) LIMIT 1
$$ LANGUAGE SQL SECURITY DEFINER;
diff --git a/util/updates/update_20191003b.sql b/util/updates/update_20191003b.sql
index a7342463..d3c41005 100644
--- a/util/updates/update_20191003b.sql
+++ b/util/updates/update_20191003b.sql
@@ -13,6 +13,7 @@ DROP FUNCTION user_isloggedin(integer, bytea);
DROP FUNCTION user_update_lastused(integer, bytea);
DROP FUNCTION user_isvalidtoken(integer, bytea);
DROP FUNCTION user_setmail(integer, integer, bytea, text);
+DROP FUNCTION user_emailexists(text);
-- Convert old password reset tokens to the new session format
INSERT INTO sessions (uid, token, expires, type)