discourse/app/controllers/users_email_controller.rb

# frozen_string_literal: true

class UsersEmailController < ApplicationController

  requires_login only: [:index, :update]

  skip_before_action :check_xhr, only: [
    :confirm_old_email,
    :show_confirm_old_email,
    :confirm_new_email,
    :show_confirm_new_email
  ]

  skip_before_action :redirect_to_login_if_required, only: [
    :confirm_old_email,
    :show_confirm_old_email,
    :confirm_new_email,
    :show_confirm_new_email
  ]

  before_action :require_login, only: [
    :confirm_old_email,
    :show_confirm_old_email,
    :confirm_new_email,
    :show_confirm_new_email
  ]

  def index
  end

  def update
    params.require(:email)
    user = fetch_user_from_params

    RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!
    RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!

    updater = EmailUpdater.new(guardian, user)
    updater.change_to(params[:email])

    if updater.errors.present?
      return render_json_error(updater.errors.full_messages)
    end

    render body: nil
  rescue RateLimiter::LimitExceeded
    render_json_error(I18n.t("rate_limiter.slow_down"))
  end

  def confirm_new_email
    load_change_request(:new)

    if @change_request&.change_state != EmailChangeRequest.states[:authorizing_new]
      @error = I18n.t("change_email.already_done")
    end

    redirect_url = path("/u/confirm-new-email/#{params[:token]}")

    if !@error && @user.totp_enabled? && !@user.authenticate_second_factor(params[:second_factor_token], params[:second_factor_method].to_i)
      RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
      flash[:invalid_second_factor] = true
      redirect_to redirect_url
      return
    end

    if !@error
      updater = EmailUpdater.new
      if updater.confirm(params[:token]) == :complete
        updater.user.user_stat.reset_bounce_score!
      else
        @error = I18n.t("change_email.already_done")
      end
    end

    if @error
      flash[:error] = @error
      redirect_to redirect_url
    else
      redirect_to "#{redirect_url}?done=true"
    end
  end

  def show_confirm_new_email
    load_change_request(:new)

    if params[:done].to_s == "true"
      @done = true
    end

    if @change_request&.change_state != EmailChangeRequest.states[:authorizing_new]
      @error = I18n.t("change_email.already_done")
    end

    @show_invalid_second_factor_error = flash[:invalid_second_factor]

    if !@error
      if @user.totp_enabled?
        @backup_codes_enabled = @user.backup_codes_enabled?
        if params[:show_backup].to_s == "true" && @backup_codes_enabled
          @show_backup_codes = true
        else
          @show_second_factor = true
        end
      end

      @to_email = @change_request.new_email
    end

    render layout: 'no_ember'
  end

  def confirm_old_email
    load_change_request(:old)

    if @change_request&.change_state != EmailChangeRequest.states[:authorizing_old]
      @error = I18n.t("change_email.already_done")
    end

    redirect_url = path("/u/confirm-old-email/#{params[:token]}")

    if !@error
      updater = EmailUpdater.new
      if updater.confirm(params[:token]) != :authorizing_new
        @error = I18n.t("change_email.already_done")
      end
    end

    if @error
      flash[:error] = @error
      redirect_to redirect_url
    else
      redirect_to "#{redirect_url}?done=true"
    end
  end

  def show_confirm_old_email
    load_change_request(:old)

    if @change_request&.change_state != EmailChangeRequest.states[:authorizing_old]
      @error = I18n.t("change_email.already_done")
    end

    if params[:done].to_s == "true"
      @almost_done = true
    end

    if !@error
      @from_email = @user.email
      @to_email = @change_request.new_email
    end

    render layout: 'no_ember'
  end

  private

  def load_change_request(type)
    expires_now

    @token = EmailToken.confirmable(params[:token])

    if @token
      if type == :old
        @change_request = @token.user&.email_change_requests.where(old_email_token_id: @token.id).first
      elsif type == :new
        @change_request = @token.user&.email_change_requests.where(new_email_token_id: @token.id).first
      end
    end

    @user = @token&.user

    if (!@user || !@change_request)
      @error = I18n.t("change_email.already_done")
    end

    if current_user.id != @user&.id
      @error = I18n.t 'change_email.wrong_account_error'
    end
  end

  def require_login
    if !current_user
      redirect_to_login
    end
  end

end
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging 2019-05-02 17:17:27 -05:00			`# frozen_string_literal: true`

Move updating a user's email to its own controller 2016-03-07 12:45:33 -06:00			`class UsersEmailController < ApplicationController`

Refactor requires login logic, reduce duplicate code This also corrects the positioning in the chain of the check and removes misuse of prepend_before_action 2018-01-31 22:17:59 -06:00			`requires_login only: [:index, :update]`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 13:40:11 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`skip_before_action :check_xhr, only: [`
			`:confirm_old_email,`
			`:show_confirm_old_email,`
			`:confirm_new_email,`
			`:show_confirm_new_email`
			`]`

			`skip_before_action :redirect_to_login_if_required, only: [`
			`:confirm_old_email,`
			`:show_confirm_old_email,`
			`:confirm_new_email,`
			`:show_confirm_new_email`
			`]`

			`before_action :require_login, only: [`
			`:confirm_old_email,`
			`:show_confirm_old_email,`
			`:confirm_new_email,`
			`:show_confirm_new_email`
			`]`
Move updating a user's email to its own controller 2016-03-07 12:45:33 -06:00
			`def index`
			`end`

			`def update`
			`params.require(:email)`
			`user = fetch_user_from_params`

			`RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!`
			`RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!`

SECURITY: Support for confirm old as well as new email accounts 2016-03-07 13:40:11 -06:00			`updater = EmailUpdater.new(guardian, user)`
			`updater.change_to(params[:email])`
Move updating a user's email to its own controller 2016-03-07 12:45:33 -06:00
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 13:40:11 -06:00			`if updater.errors.present?`
			`return render_json_error(updater.errors.full_messages)`
			`end`
Move updating a user's email to its own controller 2016-03-07 12:45:33 -06:00
Fix all the errors to get our tests green on Rails 5.1. 2017-08-30 23:06:56 -05:00			`render body: nil`
Move updating a user's email to its own controller 2016-03-07 12:45:33 -06:00			`rescue RateLimiter::LimitExceeded`
			`render_json_error(I18n.t("rate_limiter.slow_down"))`
			`end`

FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`def confirm_new_email`
			`load_change_request(:new)`

			`if @change_request&.change_state != EmailChangeRequest.states[:authorizing_new]`
			`@error = I18n.t("change_email.already_done")`
			`end`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`redirect_url = path("/u/confirm-new-email/#{params[:token]}")`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`if !@error && @user.totp_enabled? && !@user.authenticate_second_factor(params[:second_factor_token], params[:second_factor_method].to_i)`
			`RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!`
			`flash[:invalid_second_factor] = true`
			`redirect_to redirect_url`
			`return`
			`end`

			`if !@error`
			`updater = EmailUpdater.new`
			`if updater.confirm(params[:token]) == :complete`
			`updater.user.user_stat.reset_bounce_score!`
			`else`
			`@error = I18n.t("change_email.already_done")`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00			`end`
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`end`

			`if @error`
			`flash[:error] = @error`
			`redirect_to redirect_url`
			`else`
			`redirect_to "#{redirect_url}?done=true"`
			`end`
			`end`

			`def show_confirm_new_email`
			`load_change_request(:new)`

			`if params[:done].to_s == "true"`
			`@done = true`
			`end`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`if @change_request&.change_state != EmailChangeRequest.states[:authorizing_new]`
			`@error = I18n.t("change_email.already_done")`
			`end`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`@show_invalid_second_factor_error = flash[:invalid_second_factor]`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`if !@error`
			`if @user.totp_enabled?`
			`@backup_codes_enabled = @user.backup_codes_enabled?`
			`if params[:show_backup].to_s == "true" && @backup_codes_enabled`
			`@show_backup_codes = true`
			`else`
			`@show_second_factor = true`
			`end`
FEATURE: Implement 2factor login TOTP implemented review items. Blocking previous codes - valid 2-factor auth tokens can only be authenticated once/30 seconds. I played with updating the “last used” any time the token was attempted but that seemed to be overkill, and frustrating as to why a token would fail. Translatable texts. Move second factor logic to a helper class. Move second factor specific controller endpoints to its own controller. Move serialization logic for 2-factor details in admin user views. Add a login ember component for de-duplication Fix up code formatting Change verbiage of google authenticator add controller tests: second factor controller tests change email tests change password tests admin login tests add qunit tests - password reset, preferences fix: check for 2factor on change email controller fix: email controller - only show second factor errors on attempt fix: check against 'true' to enable second factor. Add modal for explaining what 2fa with links to Google Authenticator/FreeOTP add two factor to email signin link rate limit if second factor token present add rate limiter test for second factor attempts 2017-12-21 19:18:12 -06:00			`end`

FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`@to_email = @change_request.new_email`
			`end`

			`render layout: 'no_ember'`
			`end`

			`def confirm_old_email`
			`load_change_request(:old)`

			`if @change_request&.change_state != EmailChangeRequest.states[:authorizing_old]`
			`@error = I18n.t("change_email.already_done")`
			`end`

			`redirect_url = path("/u/confirm-old-email/#{params[:token]}")`

			`if !@error`
			`updater = EmailUpdater.new`
			`if updater.confirm(params[:token]) != :authorizing_new`
			`@error = I18n.t("change_email.already_done")`
Review Changes for https://github.com/discourse/discourse/pull/5612/commits/f4f8a293e74e6a37c7bee7645d9ca1d72a7d5bd3. 2018-02-20 00:44:51 -06:00			`end`
reset bounce score when email is successfully changed 2017-02-20 03:37:01 -06:00			`end`
SECURITY: Support for confirm old as well as new email accounts 2016-03-07 13:40:11 -06:00
FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`if @error`
			`flash[:error] = @error`
			`redirect_to redirect_url`
			`else`
			`redirect_to "#{redirect_url}?done=true"`
			`end`
			`end`

			`def show_confirm_old_email`
			`load_change_request(:old)`

			`if @change_request&.change_state != EmailChangeRequest.states[:authorizing_old]`
			`@error = I18n.t("change_email.already_done")`
			`end`

			`if params[:done].to_s == "true"`
			`@almost_done = true`
			`end`

			`if !@error`
			`@from_email = @user.email`
			`@to_email = @change_request.new_email`
			`end`

SECURITY: Support for confirm old as well as new email accounts 2016-03-07 13:40:11 -06:00			`render layout: 'no_ember'`
			`end`

FEATURE: improve email change workflow - Show old and new email address during the process - Ensure correct user is logged on when attempting to make email changes - Support reloading a page during the email reset process without resubmit of form - Improve tests - Fixed issue where redirect back to site was not linking correctly in subfolder setups Internal refactor of single action into 4 distinct actions that are simpler to reason about. This also removes the step that logs on an account after you confirm an email change, since it is no longer needed which leaves us with safer internals. This left me no choice but to amend translations cause the old route was removed. 2019-11-20 01:31:25 -06:00			`private`

			`def load_change_request(type)`
			`expires_now`

			`@token = EmailToken.confirmable(params[:token])`

			`if @token`
			`if type == :old`
			`@change_request = @token.user&.email_change_requests.where(old_email_token_id: @token.id).first`
			`elsif type == :new`
			`@change_request = @token.user&.email_change_requests.where(new_email_token_id: @token.id).first`
			`end`
			`end`

			`@user = @token&.user`

			`if (!@user \|\| !@change_request)`
			`@error = I18n.t("change_email.already_done")`
			`end`

			`if current_user.id != @user&.id`
			`@error = I18n.t 'change_email.wrong_account_error'`
			`end`
			`end`

			`def require_login`
			`if !current_user`
			`redirect_to_login`
			`end`
			`end`

Move updating a user's email to its own controller 2016-03-07 12:45:33 -06:00			`end`