[v11.0/forgejo] fix: user activation with uppercase email address (#8385)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/8367 - Right before the call to user email activation, the user is updated [^1]. This causes the email to be lowered, which in turn makes the call to activate the user activation fail (on database where collation is case sensitive, which is the recommend collation by Forgejo). - The code in `BeforeUpdate` is quite confusing, the comment has become slightly out of date and was reworded to reflect reality and its purpose. The code is also slightly reworked to only lower the email for the `AvatarEmail` field to avoid causing side-effect. - Added unit test. - Resolves forgejo/forgejo#8354 [^1]: 4927d4ee3d/routers/web/auth/auth.go (L785) Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8385 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2025-07-11 22:49:17 +02:00 · 2025-07-02 14:09:24 +02:00 · 2025-07-02 14:09:24 +02:00 · c0d11a365f
commit c0d11a365f
parent f71e5ac323
4 changed files with 39 additions and 3 deletions
--- a/models/fixtures/TestActivateUserEmail/email_address.yml
+++ b/models/fixtures/TestActivateUserEmail/email_address.yml
@ -0,0 +1,7 @@
+-
+  id: 1001
+  uid: 1001
+  email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net
+  lower_email: anothertestuserwithuppercaseemail@otto.splvs.net
+  is_activated: false
+  is_primary: true
--- a/models/fixtures/TestActivateUserEmail/user.yml
+++ b/models/fixtures/TestActivateUserEmail/user.yml
@ -0,0 +1,12 @@
+-
+  id: 1001
+  lower_name: user1001
+  name: user1001
+  full_name: User That loves Upper Cases
+  email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  avatar: ''
+  avatar_email: anothertestuserwithuppercaseemail@otto.splvs.net
+  login_name: user1
+  created_unix: 1672578000
--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@ -181,3 +181,20 @@ func TestDeletePrimaryEmailAddressOfUser(t *testing.T) {
 	assert.True(t, user_model.IsErrEmailAddressNotExist(err))
 	assert.Nil(t, email)
 }
+
+func TestActivateUserEmail(t *testing.T) {
+	defer unittest.OverrideFixtures("models/fixtures/TestActivateUserEmail")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Activate email", func(t *testing.T) {
+		require.NoError(t, user_model.ActivateUserEmail(t.Context(), 1001, "AnotherTestUserWithUpperCaseEmail@otto.splvs.net", true))
+
+		unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: 1001}, "is_activated = true")
+	})
+
+	t.Run("Deactivate email", func(t *testing.T) {
+		require.NoError(t, user_model.ActivateUserEmail(t.Context(), 1001, "AnotherTestUserWithUpperCaseEmail@otto.splvs.net", false))
+
+		unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: 1001}, "is_activated = false")
+	})
+}
--- a/models/user/user.go
+++ b/models/user/user.go
@ -181,11 +181,11 @@ func (u *User) BeforeUpdate() {
 		u.MaxRepoCreation = -1
 	}

-	// Organization does not need email
-	u.Email = strings.ToLower(u.Email)
+	// Ensure AvatarEmail is set for non-organization users, because organization
+	// are not required to have a email set.
 	if !u.IsOrganization() {
 		if len(u.AvatarEmail) == 0 {
-			u.AvatarEmail = u.Email
+			u.AvatarEmail = strings.ToLower(u.Email)
 		}
 	}