Prevent admin or user from updating user email to an email in blacklisted email domains

Summary

Able to add user email which is in blocked domain list

Steps to reproduce

Pre-actions: go to Admin Page > Settings

  1. Check the box "Sign-up enabled"
  2. Add a whitelisted domain
  3. Add a blacklisted domain

[screenshot: GITLAB-signupenabled_-_Copy]

Case 1: General User

  1. Sign up with an email address of a whitelisted domain.
  2. Go to Profile Settings and edit the email address to one that belongs to a blacklisted domain.
  3. Click on Save. You will be allowed to save the email address.

Case 2: Admin User

  1. Browse to a user's details.
  2. Click on edit user details.
  3. Change the user's email to an email address that belongs to a blacklisted domain.
  4. Click on Save. The admin user is allowed to modify the email address without any issue.

[screenshot: GITLAB-ADMIN-UserInfo]

One more major difference between case 1 and 2: in case 1, the user was asked to confirm the email, but in case 2, there was no such confirmation...

In my view case 2 is more dangerous than case 1.

Possible fixes

In both cases, an error or informational message has to be shown to the user stating that the email address domain is not a whitelisted one...
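One way to implement the check described above, as an added example rather than GitLab's own code: the domain allow/deny decision lives in a single policy that every email-change path calls, so the admin edit form cannot skip it. The `EmailDomainPolicy` and `UpdateUserEmail` names, the wildcard pattern shape, the settings hash and the error messages are assumptions for illustration.

```ruby
# Added example (not GitLab's own code): a domain allow/deny check applied on
# every email change, whether the editor is the user or an admin.
# Domain list entries are assumed to be exact hosts ("bad.example") or
# wildcard entries ("*.spam.example"); the settings hash is constructed below.

module EmailDomainPolicy
  # Returns the domain part of an email, lowercased, or nil if the address is malformed.
  def self.domain_of(email)
    return nil unless email.is_a?(String)
    local, domain = email.strip.split("@", 2)
    return nil if local.nil? || local.empty? || domain.nil? || domain.empty?
    domain.downcase
  end

  # True if +domain+ matches +pattern+. "*.spam.example" matches any subdomain
  # (but not the apex); "bad.example" matches only that exact host.
  def self.domain_matches?(domain, pattern)
    pattern = pattern.downcase
    if pattern.start_with?("*.")
      domain.end_with?(pattern[1..]) # "*.spam.example" -> ".spam.example"
    else
      domain == pattern
    end
  end

  # Returns nil when the address is permitted, or a reason string when it must be rejected.
  # The deny list wins over the allow list, so a broad allow entry can never
  # re-admit a domain that was explicitly blocked.
  def self.rejection_reason(email, allowlist:, denylist:)
    domain = domain_of(email)
    return "is not a valid email address" if domain.nil?

    if denylist.any? { |p| domain_matches?(domain, p) }
      return "domain #{domain} is blocked"
    end

    if allowlist.any? && allowlist.none? { |p| domain_matches?(domain, p) }
      return "domain #{domain} is not in the allowed list"
    end

    nil
  end
end

# Hypothetical service standing in for the two paths in the report:
# a user editing their own profile and an admin editing another user.
# Both go through the same check; the admin path gets no exemption.
class UpdateUserEmail
  Result = Struct.new(:ok, :error, keyword_init: true)

  def initialize(settings)
    @allowlist = settings.fetch(:allowlist, [])
    @denylist  = settings.fetch(:denylist, [])
  end

  def call(new_email, actor_is_admin: false)
    reason = EmailDomainPolicy.rejection_reason(new_email, allowlist: @allowlist, denylist: @denylist)
    # The message is returned to whoever submitted the form, admin or user,
    # which is the error/information the report asks for.
    return Result.new(ok: false, error: "Email #{reason}") if reason

    # actor_is_admin is accepted so both callers share one entry point; it is
    # deliberately not consulted when deciding whether the domain check applies.
    Result.new(ok: true, error: nil)
  end
end

# Constructed settings mirroring the pre-actions in the report.
SETTINGS = { allowlist: ["good.example"], denylist: ["bad.example", "*.spam.example"] }.freeze
```

Putting the decision in a model-level validation (or a shared service both controllers call) is what closes case 2: a check that only lives in the profile-settings controller is exactly what the admin edit form bypasses.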

Edited Aug 28, 2025 by 🤖 GitLab Bot 🤖