Merge pull request 'Rate limit pre-activation email change separately' (#2043) from algernon/forgejo:b/2040-email-change-and-cache-fix into forgejo-dependency

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2043
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>

routers/web/auth/auth.go

@@ -647,13 +647,22 @@ func Activate(ctx *context.Context) {
 		}
 		// Resend confirmation email.
 		if setting.Service.RegisterEmailConfirm {
-			if ctx.Cache.IsExist("MailResendLimit_" + ctx.Doer.LowerName) {
+			var cacheKey string
+			if ctx.Cache.IsExist("MailChangedJustNow_" + ctx.Doer.LowerName) {
+				cacheKey = "MailChangedLimit_"
+				if err := ctx.Cache.Delete("MailChangedJustNow_" + ctx.Doer.LowerName); err != nil {
+					log.Error("Delete cache(MailChangedJustNow) fail: %v", err)
+				}
+			} else {
+				cacheKey = "MailResendLimit_"
+			}
+			if ctx.Cache.IsExist(cacheKey + ctx.Doer.LowerName) {
 				ctx.Data["ResendLimited"] = true
 			} else {
 				ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)
 				mailer.SendActivateAccountMail(ctx.Locale, ctx.Doer)
 
-				if err := ctx.Cache.Put("MailResendLimit_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
+				if err := ctx.Cache.Put(cacheKey+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
 					log.Error("Set cache(MailResendLimit) fail: %v", err)
 				}
 			}
@@ -696,7 +705,7 @@ func ActivatePost(ctx *context.Context) {
 			}
 			// Change the primary email
 			if setting.Service.RegisterEmailConfirm {
-				if false && ctx.Cache.IsExist("MailResendLimit_"+ctx.Doer.LowerName) {
+				if ctx.Cache.IsExist("MailChangeLimit_" + ctx.Doer.LowerName) {
 					ctx.Data["ResendLimited"] = true
 				} else {
 					ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)
@@ -710,6 +719,13 @@ func ActivatePost(ctx *context.Context) {
 						ctx.RenderWithErr(ctx.Tr("auth.change_unconfirmed_email_error", err), TplActivate, nil)
 						return
 					}
+					if err := ctx.Cache.Put("MailChangeLimit_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
+						log.Error("Set cache(MailChangeLimit) fail: %v", err)
+					}
+					if err := ctx.Cache.Put("MailChangedJustNow_"+ctx.Doer.LowerName, ctx.Doer.LowerName, 180); err != nil {
+						log.Error("Set cache(MailChangedJustNow) fail: %v", err)
+					}
+
 					// Confirmation mail will be re-sent after the redirect to `/user/activate` below.
 				}
 			} else {

tests/integration/signup_test.go

@@ -124,6 +124,15 @@ func TestSignupEmailChangeForInactiveUser(t *testing.T) {
 	// Verify that the email was updated
 	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserX"})
 	assert.Equal(t, "fine-email@example.com", user.Email)
+
+	// Try to change the email again
+	req = NewRequestWithValues(t, "POST", "/user/activate", map[string]string{
+		"email": "wrong-again@example.com",
+	})
+	session.MakeRequest(t, req, http.StatusSeeOther)
+	// Verify that the email was NOT updated
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "exampleUserX"})
+	assert.Equal(t, "fine-email@example.com", user.Email)
 }
 
 func TestSignupEmailChangeForActiveUser(t *testing.T) {