From 4f5027042a944f2e688d010bc469b593e92d22bb Mon Sep 17 00:00:00 2001
From: Lin Jen-Shin <godfat@godfat.org>
Date: Thu, 24 Mar 2016 18:28:23 +0800
Subject: [PATCH] Add another TODO that we need to verify identity better

---
 lib/gitlab/email/receiver.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/gitlab/email/receiver.rb b/lib/gitlab/email/receiver.rb
index 2b57b3a20fc..714f45d2d43 100644
--- a/lib/gitlab/email/receiver.rb
+++ b/lib/gitlab/email/receiver.rb
@@ -87,6 +87,8 @@ module Gitlab
       end
 
       # Find the first matched user in database from email From: section
+      # TODO: Since this address could be forged, we should have some kind of
+      #       auth token attached somewhere to verify the identity better.
       def message_sender
         @message_sender ||= message.from.find do |email|
           user = User.find_by_any_email(email)
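Review bot: The new TODO above `message_sender` notes that the From: address can be forged, but the method still resolves the acting user from `message.from` alone, so this change documents the gap without narrowing it. The comment would be more useful to the next maintainer if it stated the trust boundary outright, e.g. `# SECURITY: From: is sender-controlled; the user returned here is unauthenticated until a per-message token bound to that user is verified.` It would also help to link the tracking issue in the TODO so the work is not lost. The body of `message_sender` continues past the end of the hunk, so whether any later check already constrains the match cannot be judged from here.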
-- 
GitLab