add check for duplicate email, email message to old address

duplicate email opens a security hole because of social auth

email_change/forms.py

@@ -26,6 +26,7 @@
 
 from django import forms
 from django.db.models.loading import cache
+from django.utils.translation import ugettext_lazy as _
 
 
 class EmailChangeForm(forms.Form):
@@ -56,10 +57,15 @@ class EmailChangeForm(forms.Form):
         
         # Check if the new email address differs from the current email address.
         if user.email == email:
-            raise forms.ValidationError('New email address cannot be the same \
+            raise forms.ValidationError(_("Your email is already ")+ email)
-                as your current email address')
+
-        
+        users = User.objects.exclude(id=user.id).filter(email__iexact=email)
+        for user in users:
+            raise forms.ValidationError(_("Another user with that email already exists."))
+       
         return email
 
+    oldemail = None
+    
 
 

email_change/views.py

@@ -73,7 +73,7 @@ def email_change_view(request, extra_context={},
                 verification_key = verification_key,
                 email = email
                 )
-            old_email=user.email
+            old_email=request.user.email
             
             # Prepare context
             c = {
@@ -91,7 +91,7 @@ def email_change_view(request, extra_context={},
             subject = render_to_string(email_subject_template_name, context_instance=context)
             message = render_to_string(email_message_template_name, context_instance=context)
             
-            send_mail(subject, message, None, [email,old_email])
+            send_mail(subject, message, None, [email, old_email])
             
             # Redirect
             return redirect(success_url)