From 7eca077877787b0cd9eb7764f46e9eba78fb7382 Mon Sep 17 00:00:00 2001
From: JoramWilander <jwawilander@gmail.com>
Date: Fri, 6 Nov 2015 08:56:13 -0500
Subject: Prevent SSO users from changing their email

---
 api/user.go                                        |  2 +-
 model/user.go                                      |  7 ++
 store/sql_user_store.go                            |  4 +-
 .../user_settings/user_settings_general.jsx        | 90 +++++++++++++---------
 4 files changed, 66 insertions(+), 37 deletions(-)

diff --git a/api/user.go b/api/user.go
index c871d7c79..774ceddbf 100644
--- a/api/user.go
+++ b/api/user.go
@@ -114,7 +114,7 @@ func createUser(c *Context, w http.ResponseWriter, r *http.Request) {
 		sendWelcomeEmail = false
 	}
 
-	if len(user.AuthData) > 0 && len(user.AuthService) > 0 {
+	if user.IsSSOUser() {
 		user.EmailVerified = true
 	}
 
diff --git a/model/user.go b/model/user.go
index 871d1bf2d..4365f47d2 100644
--- a/model/user.go
+++ b/model/user.go
@@ -326,6 +326,13 @@ func IsInRole(userRoles string, inRole string) bool {
 	return false
 }
 
+func (u *User) IsSSOUser() bool {
+	if len(u.AuthData) != 0 && len(u.AuthService) != 0 {
+		return true
+	}
+	return false
+}
+
 func (u *User) PreExport() {
 	u.Password = ""
 	u.AuthData = ""
diff --git a/store/sql_user_store.go b/store/sql_user_store.go
index 3347df08b..686949a4d 100644
--- a/store/sql_user_store.go
+++ b/store/sql_user_store.go
@@ -140,7 +140,9 @@ func (us SqlUserStore) Update(user *model.User, allowActiveUpdate bool) StoreCha
 				user.DeleteAt = oldUser.DeleteAt
 			}
 
-			if user.Email != oldUser.Email {
+			if user.IsSSOUser() {
+				user.Email = oldUser.Email
+			} else if user.Email != oldUser.Email {
 				user.EmailVerified = false
 			}
 
diff --git a/web/react/components/user_settings/user_settings_general.jsx b/web/react/components/user_settings/user_settings_general.jsx
index 9f0c16194..1bfae6930 100644
--- a/web/react/components/user_settings/user_settings_general.jsx
+++ b/web/react/components/user_settings/user_settings_general.jsx
@@ -451,44 +451,60 @@ export default class UserSettingsGeneralTab extends React.Component {
                 }
             }
 
-            inputs.push(
-                <div key='emailSetting'>
-                    <div className='form-group'>
-                        <label className='col-sm-5 control-label'>{'Primary Email'}</label>
-                        <div className='col-sm-7'>
-                            <input
-                                className='form-control'
-                                type='text'
-                                onChange={this.updateEmail}
-                                value={this.state.email}
-                            />
+            let submit = null;
+
+            if (this.props.user.auth_service === '') {
+                inputs.push(
+                    <div key='emailSetting'>
+                        <div className='form-group'>
+                            <label className='col-sm-5 control-label'>{'Primary Email'}</label>
+                            <div className='col-sm-7'>
+                                <input
+                                    className='form-control'
+                                    type='text'
+                                    onChange={this.updateEmail}
+                                    value={this.state.email}
+                                />
+                            </div>
                         </div>
                     </div>
-                </div>
-            );
-
-            inputs.push(
-                <div key='confirmEmailSetting'>
-                    <div className='form-group'>
-                        <label className='col-sm-5 control-label'>{'Confirm Email'}</label>
-                        <div className='col-sm-7'>
-                            <input
-                                className='form-control'
-                                type='text'
-                                onChange={this.updateConfirmEmail}
-                                value={this.state.confirmEmail}
-                            />
+                );
+
+                inputs.push(
+                    <div key='confirmEmailSetting'>
+                        <div className='form-group'>
+                            <label className='col-sm-5 control-label'>{'Confirm Email'}</label>
+                            <div className='col-sm-7'>
+                                <input
+                                    className='form-control'
+                                    type='text'
+                                    onChange={this.updateConfirmEmail}
+                                    value={this.state.confirmEmail}
+                                />
+                            </div>
                         </div>
+                        {helpText}
                     </div>
-                    {helpText}
-                </div>
-            );
+                );
+
+                submit = this.submitEmail;
+            } else {
+                inputs.push(
+                    <div
+                        key='oauthEmailInfo'
+                        className='form-group'
+                    >
+                        <div className='setting-list__hint'>{'Log in occurs through GitLab. Email cannot be updated.'}</div>
+                        {helpText}
+                    </div>
+                );
+            }
 
             emailSection = (
                 <SettingItemMax
                     title='Email'
                     inputs={inputs}
-                    submit={this.submitEmail}
+                    submit={submit}
                     server_error={serverError}
                     client_error={emailError}
                     updateSection={function clearSection(e) {
@@ -499,15 +515,19 @@ export default class UserSettingsGeneralTab extends React.Component {
             );
         } else {
             let describe = '';
-            if (this.state.emailChangeInProgress) {
-                const newEmail = UserStore.getCurrentUser().email;
-                if (newEmail) {
-                    describe = 'New Address: ' + newEmail + '\nCheck your email to verify the above address.';
+            if (this.props.user.auth_service === '') {
+                if (this.state.emailChangeInProgress) {
+                    const newEmail = UserStore.getCurrentUser().email;
+                    if (newEmail) {
+                        describe = 'New Address: ' + newEmail + '\nCheck your email to verify the above address.';
+                    } else {
+                        describe = 'Check your email to verify your new address';
+                    }
                 } else {
-                    describe = 'Check your email to verify your new address';
+                    describe = UserStore.getCurrentUser().email;
                 }
             } else {
-                describe = UserStore.getCurrentUser().email;
+                describe = 'Log in done through GitLab';
             }
 
             emailSection = (
-- 
cgit v1.2.3-1-g7c22