Fix email update flow for selfhosted setup with verification disabled (#3408)

2024-09-11 18:07:33 +03:00 · 2023-10-11 15:12:57 +02:00 · 2023-10-11 15:12:57 +02:00 · 192aefc493
commit 192aefc493
parent 303b3509f7
3 changed files with 56 additions and 7 deletions
--- a/lib/plausible/auth/user.ex
+++ b/lib/plausible/auth/user.ex
@ -69,7 +69,7 @@ defmodule Plausible.Auth.User do
    |> validate_email_changed()
    |> check_password()
    |> unique_constraint(:email)
-    |> put_change(:email_verified, false)
+    |> set_email_verified()
    |> put_change(:previous_email, user.email)
  end

--- a/lib/plausible_web/controllers/auth_controller.ex
+++ b/lib/plausible_web/controllers/auth_controller.ex
@ -99,9 +99,7 @@ defmodule PlausibleWeb.AuthController do
      :ok ->
        cond do
          has_any_memberships? ->
-            conn
-            |> put_flash(:success, "Email updated successfully")
-            |> redirect(to: Routes.auth_path(conn, :user_settings) <> "#change-email-address")
+            handle_email_updated(conn)

          has_any_invitations? ->
            redirect(conn, to: Routes.site_path(conn, :index))
@ -351,9 +349,12 @@ defmodule PlausibleWeb.AuthController do

    case Repo.update(changes) do
      {:ok, user} ->
-        send_email_verification(user)
-
-        redirect(conn, to: Routes.auth_path(conn, :activate_form))
+        if user.email_verified do
+          handle_email_updated(conn)
+        else
+          send_email_verification(user)
+          redirect(conn, to: Routes.auth_path(conn, :activate_form))
+        end

      {:error, changeset} ->
        settings_changeset = Auth.User.settings_changeset(conn.assigns[:current_user])
@ -381,6 +382,12 @@ defmodule PlausibleWeb.AuthController do
    end
  end

+  defp handle_email_updated(conn) do
+    conn
+    |> put_flash(:success, "Email updated successfully")
+    |> redirect(to: Routes.auth_path(conn, :user_settings) <> "#change-email-address")
+  end
+
  defp render_settings(conn, opts) do
    settings_changeset = Keyword.fetch!(opts, :settings_changeset)
    email_changeset = Keyword.fetch!(opts, :email_changeset)
--- a/test/plausible_web/controllers/auth_controller_sync_test.exs
+++ b/test/plausible_web/controllers/auth_controller_sync_test.exs
@ -0,0 +1,42 @@
+defmodule PlausibleWeb.AuthControllerSyncTest do
+  use PlausibleWeb.ConnCase
+  use Bamboo.Test
+  use Plausible.Repo
+
+  alias Plausible.Auth.User
+
+  describe "PUT /settings/email" do
+    setup [:create_user, :log_in]
+
+    test "updates email but DOES NOT force reverification when feature disabled", %{
+      conn: conn,
+      user: user
+    } do
+      patch_env(:selfhost, enable_email_verification: false)
+
+      password = "very-long-very-secret-123"
+
+      user
+      |> User.set_password(password)
+      |> Repo.update!()
+
+      assert user.email_verified
+
+      conn =
+        put(conn, "/settings/email", %{
+          "user" => %{"email" => "new" <> user.email, "password" => password}
+        })
+
+      assert redirected_to(conn, 302) ==
+               Routes.auth_path(conn, :user_settings) <> "#change-email-address"
+
+      updated_user = Repo.reload!(user)
+
+      assert updated_user.email == "new" <> user.email
+      assert updated_user.previous_email == user.email
+      assert updated_user.email_verified
+
+      assert_no_emails_delivered()
+    end
+  end
+end