FEATURE: add maximum limit for secondary emails (#12599)

FEATURE: add maximum limit for secondary emails (#12599)

diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 47b6981..8b0c98b 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -883,6 +883,7 @@ en:
     error_staged: "There was an error changing your email address. The address is already in use by a staged user."
     already_done: "Sorry, this confirmation link is no longer valid. Perhaps your email was already changed?"
     confirm: "Confirm"
+    max_secondary_emails_error: "You have reached the maximum allowed secondary emails limit."
 
     authorizing_new:
       title: "Confirm your new email"
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 90cd192..8c36cc0 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -1769,6 +1769,9 @@ rate_limits:
     max: 1000000
     default: 10
     client: true
+  max_allowed_secondary_emails:
+    default: 10
+    hidden: true
 
 developer:
   force_hostname:
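Review bot: `max_allowed_secondary_emails` is declared with only `default: 10` and `hidden: true`, so nothing bounds its value, while the setting just above it in this hunk carries a `max:`. The updater compares the count with `>=`, so a value of 0 or a negative number would reject every add request. If 0 is not meant as an off switch, add `min: 1` (or `min: 0` if it is) together with an explicit `max:`, and a short comment saying the setting caps secondary addresses per user.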
diff --git a/lib/email_updater.rb b/lib/email_updater.rb
index 68724a9..5c99219 100644
--- a/lib/email_updater.rb
+++ b/lib/email_updater.rb
@@ -31,9 +31,16 @@ class EmailUpdater
       end
     end
 
-    return if errors.present? || existing_user.present?
+    if add
+      secondary_emails_count = @user.secondary_emails.count
+      if secondary_emails_count >= SiteSetting.max_allowed_secondary_emails
+        errors.add(:base, I18n.t("change_email.max_secondary_emails_error"))
+      end
+    else
+      old_email = @user.email
+    end
 
-    old_email = @user.email if !add
+    return if errors.present? || existing_user.present?
 
     if @guardian.is_staff? && @guardian.user != @user
       StaffActionLogger.new(@guardian.user).log_add_email(@user)
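Review bot: The limit is enforced only when the change is requested: the `if add` branch compares `@user.secondary_emails.count` with the setting, which counts addresses already on the account and not requests still awaiting confirmation. If a secondary address is only stored once it is confirmed (that code is not visible in this hunk), several requests started below the limit could all be confirmed later and take the account past `max_allowed_secondary_emails`, and each one still triggers a confirmation mail. Consider repeating `@user.secondary_emails.count >= SiteSetting.max_allowed_secondary_emails` in the confirmation path, or including pending add requests in the count here. The enclosing method starts and ends outside the hunk, so the order relative to the earlier validations could not be checked.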
diff --git a/spec/components/email_updater_spec.rb b/spec/components/email_updater_spec.rb
index d10ec0b..f70c009 100644
--- a/spec/components/email_updater_spec.rb
+++ b/spec/components/email_updater_spec.rb
@@ -239,6 +239,23 @@ describe EmailUpdater do
         end
       end
     end
+
+    context "max_allowed_secondary_emails" do
+      let(:secondary_email_1) { "secondary_1@email.com" }
+      let(:secondary_email_2) { "secondary_2@email.com" }
+
+      before do
+        SiteSetting.max_allowed_secondary_emails = 2
+        Fabricate(:secondary_email, user: user, primary: false, email: secondary_email_1)
+        Fabricate(:secondary_email, user: user, primary: false, email: secondary_email_2)
+      end
+
+      it "max secondary_emails limit reached" do
+        updater.change_to(new_email, add: true)
+        expect(updater.errors).to be_present
+        expect(updater.errors.messages[:base].first).to be I18n.t("change_email.max_secondary_emails_error")
+      end
+    end
   end
 
   context 'as a staff user' do
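Review bot: The last expectation in the new example uses `be`, which checks object identity rather than string equality, so it passes only if `I18n.t` happens to return the same String object twice; `expect(updater.errors.messages[:base].first).to eq(I18n.t("change_email.max_secondary_emails_error"))` states the intent. The context also covers only the at-limit case: there is no example showing that an add below the limit still succeeds, or that a rejected add creates no change request and sends no mail. The example name "max secondary_emails limit reached" would read better as the behaviour, e.g. `it "rejects the add once the limit is reached"`. The surrounding `describe` block starts and ends outside the hunk.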

GitHub sha: 6234d745


This commit appears in #12599 which was approved by CvX. It was merged by techAPJ.