diff options
author | Lin Jen-Shin <godfat@godfat.org> | 2016-03-24 18:28:23 +0800 |
---|---|---|
committer | Lin Jen-Shin <godfat@godfat.org> | 2016-05-16 21:27:16 +0000 |
commit | 4f5027042a944f2e688d010bc469b593e92d22bb (patch) | |
tree | 1895d554cec354d1ca7fea5926ddad063c9f9ef7 | |
parent | 6cfd028278e7fe22c2776b9ce70a5b92223115f9 (diff) | |
download | gitlab-ce-4f5027042a944f2e688d010bc469b593e92d22bb.tar.gz |
Add another TODO that we need to verify identity better
-rw-r--r-- | lib/gitlab/email/receiver.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/lib/gitlab/email/receiver.rb b/lib/gitlab/email/receiver.rb index 2b57b3a20fc..714f45d2d43 100644 --- a/lib/gitlab/email/receiver.rb +++ b/lib/gitlab/email/receiver.rb @@ -87,6 +87,8 @@ module Gitlab end # Find the first matched user in database from email From: section + # TODO: Since this address could be forged, we should have some kind of + # auth token attached somewhere to verify the identity better. def message_sender @message_sender ||= message.from.find do |email| user = User.find_by_any_email(email) |