From 6bdfc84e6c579861e034962acf9727bd39774f0f Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Tue, 27 Feb 2024 18:55:13 +0800 Subject: [PATCH] Allow to change primary email before account activation (#29412) --- models/user/email_address.go | 46 ++++++++++++++++++----------- models/user/email_address_test.go | 27 ++++++----------- options/locale/locale_en-US.ini | 3 +- routers/web/auth/auth.go | 31 +++++++++++++++++-- routers/web/user/setting/account.go | 4 +-- templates/user/auth/activate.tmpl | 7 +++++ tests/integration/signup_test.go | 16 ++++++++-- 7 files changed, 91 insertions(+), 43 deletions(-) diff --git a/models/user/email_address.go b/models/user/email_address.go index 216840916d..9ddd1838d5 100644 --- a/models/user/email_address.go +++ b/models/user/email_address.go @@ -21,9 +21,6 @@ import ( "xorm.io/builder" ) -// ErrEmailNotActivated e-mail address has not been activated error -var ErrEmailNotActivated = util.NewInvalidArgumentErrorf("e-mail address has not been activated") - // ErrEmailCharIsNotSupported e-mail address contains unsupported character type ErrEmailCharIsNotSupported struct { Email string @@ -313,27 +310,27 @@ func updateActivation(ctx context.Context, email *EmailAddress, activate bool) e return UpdateUserCols(ctx, user, "rands") } -// MakeEmailPrimary sets primary email address of given user. -func MakeEmailPrimary(ctx context.Context, email *EmailAddress) error { - has, err := db.GetEngine(ctx).Get(email) - if err != nil { +func MakeActiveEmailPrimary(ctx context.Context, emailID int64) error { + return makeEmailPrimaryInternal(ctx, emailID, true) +} + +func MakeInactiveEmailPrimary(ctx context.Context, emailID int64) error { + return makeEmailPrimaryInternal(ctx, emailID, false) +} + +func makeEmailPrimaryInternal(ctx context.Context, emailID int64, isActive bool) error { + email := &EmailAddress{} + if has, err := db.GetEngine(ctx).ID(emailID).Where(builder.Eq{"is_activated": isActive}).Get(email); err != nil { return err } else if !has { - return ErrEmailAddressNotExist{Email: email.Email} - } - - if !email.IsActivated { - return ErrEmailNotActivated + return ErrEmailAddressNotExist{} } user := &User{} - has, err = db.GetEngine(ctx).ID(email.UID).Get(user) - if err != nil { + if has, err := db.GetEngine(ctx).ID(email.UID).Get(user); err != nil { return err } else if !has { - return ErrUserNotExist{ - UID: email.UID, - } + return ErrUserNotExist{UID: email.UID} } ctx, committer, err := db.TxContext(ctx) @@ -365,6 +362,21 @@ func MakeEmailPrimary(ctx context.Context, email *EmailAddress) error { return committer.Commit() } +// ChangeInactivePrimaryEmail replaces the inactive primary email of a given user +func ChangeInactivePrimaryEmail(ctx context.Context, uid int64, oldEmailAddr, newEmailAddr string) error { + return db.WithTx(ctx, func(ctx context.Context) error { + _, err := db.GetEngine(ctx).Where(builder.Eq{"uid": uid, "lower_email": strings.ToLower(oldEmailAddr)}).Delete(&EmailAddress{}) + if err != nil { + return err + } + newEmail, err := InsertEmailAddress(ctx, &EmailAddress{UID: uid, Email: newEmailAddr}) + if err != nil { + return err + } + return MakeInactiveEmailPrimary(ctx, newEmail.ID) + }) +} + // VerifyActiveEmailCode verifies active email code when active account func VerifyActiveEmailCode(ctx context.Context, code, email string) *EmailAddress { minutes := setting.Service.ActiveCodeLives diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go index 140443f82f..dc3073f98b 100644 --- a/models/user/email_address_test.go +++ b/models/user/email_address_test.go @@ -45,31 +45,22 @@ func TestIsEmailUsed(t *testing.T) { func TestMakeEmailPrimary(t *testing.T) { assert.NoError(t, unittest.PrepareTestDatabase()) - email := &user_model.EmailAddress{ - Email: "user567890@example.com", - } - err := user_model.MakeEmailPrimary(db.DefaultContext, email) + err := user_model.MakeActiveEmailPrimary(db.DefaultContext, 9999999) assert.Error(t, err) - assert.EqualError(t, err, user_model.ErrEmailAddressNotExist{Email: email.Email}.Error()) + assert.ErrorIs(t, err, user_model.ErrEmailAddressNotExist{}) - email = &user_model.EmailAddress{ - Email: "user11@example.com", - } - err = user_model.MakeEmailPrimary(db.DefaultContext, email) + email := unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{Email: "user11@example.com"}) + err = user_model.MakeActiveEmailPrimary(db.DefaultContext, email.ID) assert.Error(t, err) - assert.EqualError(t, err, user_model.ErrEmailNotActivated.Error()) + assert.ErrorIs(t, err, user_model.ErrEmailAddressNotExist{}) // inactive email is considered as not exist for "MakeActiveEmailPrimary" - email = &user_model.EmailAddress{ - Email: "user9999999@example.com", - } - err = user_model.MakeEmailPrimary(db.DefaultContext, email) + email = unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{Email: "user9999999@example.com"}) + err = user_model.MakeActiveEmailPrimary(db.DefaultContext, email.ID) assert.Error(t, err) assert.True(t, user_model.IsErrUserNotExist(err)) - email = &user_model.EmailAddress{ - Email: "user101@example.com", - } - err = user_model.MakeEmailPrimary(db.DefaultContext, email) + email = unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{Email: "user101@example.com"}) + err = user_model.MakeActiveEmailPrimary(db.DefaultContext, email.ID) assert.NoError(t, err) user, _ := user_model.GetUserByID(db.DefaultContext, int64(10)) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index a0ad09f776..6d4e109e1d 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -368,7 +368,7 @@ forgot_password_title= Forgot Password forgot_password = Forgot password? sign_up_now = Need an account? Register now. sign_up_successful = Account was successfully created. Welcome! -confirmation_mail_sent_prompt = A new confirmation email has been sent to %s. Please check your inbox within the next %s to complete the registration process. +confirmation_mail_sent_prompt_ex = A new confirmation email has been sent to %s. Please check your inbox within the next %s to complete the registration process. If your registration email address is incorrect, you can sign in again and change it. must_change_password = Update your password allow_password_change = Require user to change password (recommended) reset_password_mail_sent_prompt = A confirmation email has been sent to %s. Please check your inbox within the next %s to complete the account recovery process. @@ -378,6 +378,7 @@ prohibit_login = Sign In Prohibited prohibit_login_desc = Your account is prohibited from signing in, please contact your site administrator. resent_limit_prompt = You have already requested an activation email recently. Please wait 3 minutes and try again. has_unconfirmed_mail = Hi %s, you have an unconfirmed email address (%s). If you haven't received a confirmation email or need to resend a new one, please click on the button below. +change_unconfirmed_mail_address = If your registration email address is incorrect, you can change it here and resend a new confirmation email. resend_mail = Click here to resend your activation email email_not_associate = The email address is not associated with any account. send_reset_mail = Send Account Recovery Email diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index fee6a89a99..7704a110a6 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -646,7 +646,7 @@ func sendActivateEmail(ctx *context.Context, u *user_model.User) { mailer.SendActivateAccountMail(ctx.Locale, u) activeCodeLives := timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale) - msgHTML := ctx.Locale.Tr("auth.confirmation_mail_sent_prompt", u.Email, activeCodeLives) + msgHTML := ctx.Locale.Tr("auth.confirmation_mail_sent_prompt_ex", u.Email, activeCodeLives) renderActivationPromptMessage(ctx, msgHTML) } @@ -656,6 +656,10 @@ func renderActivationVerifyPassword(ctx *context.Context, code string) { ctx.HTML(http.StatusOK, TplActivate) } +func renderActivationChangeEmail(ctx *context.Context) { + ctx.HTML(http.StatusOK, TplActivate) +} + // Activate render activate user page func Activate(ctx *context.Context) { code := ctx.FormString("code") @@ -674,7 +678,7 @@ func Activate(ctx *context.Context) { return } - // Resend confirmation email. + // Resend confirmation email. FIXME: ideally this should be in a POST request sendActivateEmail(ctx, ctx.Doer) return } @@ -698,7 +702,28 @@ func Activate(ctx *context.Context) { // ActivatePost handles account activation with password check func ActivatePost(ctx *context.Context) { code := ctx.FormString("code") - if code == "" || (ctx.Doer != nil && ctx.Doer.IsActive) { + if ctx.Doer != nil && ctx.Doer.IsActive { + ctx.Redirect(setting.AppSubURL + "/user/activate") // it will redirect again to the correct page + return + } + + if code == "" { + newEmail := strings.TrimSpace(ctx.FormString("change_email")) + if ctx.Doer != nil && newEmail != "" && !strings.EqualFold(ctx.Doer.Email, newEmail) { + if user_model.ValidateEmail(newEmail) != nil { + ctx.Flash.Error(ctx.Locale.Tr("form.email_invalid"), true) + renderActivationChangeEmail(ctx) + return + } + err := user_model.ChangeInactivePrimaryEmail(ctx, ctx.Doer.ID, ctx.Doer.Email, newEmail) + if err != nil { + ctx.Flash.Error(ctx.Locale.Tr("admin.emails.not_updated", newEmail), true) + renderActivationChangeEmail(ctx) + return + } + ctx.Doer.Email = newEmail + } + // FIXME: at the moment, GET request handles the "send confirmation email" action. But the old code does this redirect and then send a confirmation email. ctx.Redirect(setting.AppSubURL + "/user/activate") return } diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go index 23d3ca3161..abb5873e98 100644 --- a/routers/web/user/setting/account.go +++ b/routers/web/user/setting/account.go @@ -92,9 +92,9 @@ func EmailPost(ctx *context.Context) { ctx.Data["Title"] = ctx.Tr("settings") ctx.Data["PageIsSettingsAccount"] = true - // Make emailaddress primary. + // Make email address primary. if ctx.FormString("_method") == "PRIMARY" { - if err := user_model.MakeEmailPrimary(ctx, &user_model.EmailAddress{ID: ctx.FormInt64("id")}); err != nil { + if err := user_model.MakeActiveEmailPrimary(ctx, ctx.FormInt64("id")); err != nil { ctx.ServerError("MakeEmailPrimary", err) return } diff --git a/templates/user/auth/activate.tmpl b/templates/user/auth/activate.tmpl index 51dc1eb6a6..e32a5d8707 100644 --- a/templates/user/auth/activate.tmpl +++ b/templates/user/auth/activate.tmpl @@ -21,6 +21,13 @@ {{else}}

{{ctx.Locale.Tr "auth.has_unconfirmed_mail" .SignedUser.Name .SignedUser.Email}}

+
+ {{ctx.Locale.Tr "auth.change_unconfirmed_mail_address"}} +
+ + +
+
diff --git a/tests/integration/signup_test.go b/tests/integration/signup_test.go index fbf586f696..e9a05201ee 100644 --- a/tests/integration/signup_test.go +++ b/tests/integration/signup_test.go @@ -107,13 +107,25 @@ func TestSignupEmailActive(t *testing.T) { resp := MakeRequest(t, req, http.StatusOK) assert.Contains(t, resp.Body.String(), `A new confirmation email has been sent to email-1@example.com.`) - // access "user/active" means trying to re-send the activation email + // access "user/activate" means trying to re-send the activation email session := loginUserWithPassword(t, "test-user-1", "password1") resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/activate"), http.StatusOK) assert.Contains(t, resp.Body.String(), "You have already requested an activation email recently") - // access "user/active" with a valid activation code, then get the "verify password" page + // access anywhere else will see a "Activate Your Account" prompt, and there is a chance to change email + resp = session.MakeRequest(t, NewRequest(t, "GET", "/user/issues"), http.StatusOK) + assert.Contains(t, resp.Body.String(), `