Do not include unverified emails in searches when trying to identify commits
Summary
User reported commits in their repo being identified as the incorrect GitLab user due to the commit author email being set as commonfirstname@commonfirstnames-MacBook-Pro.local. Error-prone and invalid addresses, such as those ending with .local, .example or those with otherwise invalid domain names will be unable to receive a verification email.
ZD ticket (GitLab internal): https://gitlab.zendesk.com/agent/tickets/120202
Steps to reproduce
- From one GitLab account, commit and push to a repository with author set to sasha@sashas-MacBook-Pro.local.
- From another account, add sasha@sashas-MacBookPro.local. It can't be verified via email since .local will be undeliverable.
- The commit created in Step 1 will be identified as the user in Step 2.
What is the current bug behavior?
The user that registered the common, generated email address will show up as the author of commits across GitLab. When this happens in private projects, it appears to be suspicious activity at first glance.
What is the expected correct behavior?
It should appear as commits do when no GitLab user can be found.
Output of checks
This bug happens on GitLab.com.
Possible fixes
Unverified emails should not be included when searching for users to identify commit authors.
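
The proposed fix, sketched as an added Ruby example that is not GitLab's own code: the same author lookup run with and without the verified-only filter. `EmailRecord`, `Directory`, the user names and the sample records are hypothetical and constructed for illustration; case-insensitive matching is an assumption.

```ruby
# Added illustration, not GitLab's implementation. All names are hypothetical.
EmailRecord = Struct.new(:user, :address, :confirmed_at) do
  # An address counts as verified only once a confirmation timestamp exists.
  def confirmed?
    !confirmed_at.nil?
  end
end

class Directory
  def initialize(records)
    @records = records
  end

  # Behaviour described in the report: any registered address matches.
  def author_for_any(email)
    find(email) { |_record| true }
  end

  # Proposed behaviour: only verified addresses can attribute a commit.
  def author_for_verified(email)
    find(email, &:confirmed?)
  end

  private

  # Returns the owning user, or nil (shown as "no GitLab user found").
  def find(email)
    key = normalize(email)
    return nil if key.nil?

    match = @records.find { |r| normalize(r.address) == key && yield(r) }
    match&.user
  end

  # Assumption: addresses are compared case-insensitively.
  def normalize(email)
    value = email.to_s.strip.downcase
    value.empty? ? nil : value
  end
end

# Constructed sample data: user_b registered the generated .local address,
# which can never receive a verification email, so confirmed_at stays nil.
RECORDS = [
  EmailRecord.new("user_b", "sasha@sashas-MacBook-Pro.local", nil),
  EmailRecord.new("user_a", "user_a@example.com", Time.at(0))
].freeze
```

With the filter in place, a commit authored as the `.local` address resolves to no user instead of to whoever registered that address first.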