From 4fe339f51f41dd334d807ad2f5a8e1cc15a53dff Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Tue, 12 Aug 2014 14:07:39 -0700
Subject: [PATCH] email confirmation
---
 app.rb | 35 ++++++++++++++++++++++++-------
 models/site.rb | 17 +++++++++++----
 views/settings.erb | 13 ++++++++++++
 views/templates/email_confirm.erb | 4 ++--
 4 files changed, 56 insertions(+), 13 deletions(-)
diff --git a/app.rb b/app.rb
index c388897e..da9770c2 100644
--- a/app.rb
+++ b/app.rb
@@ -439,13 +439,7 @@ post '/create' do
 body: Tilt.new('./views/templates/email_welcome.erb', pretty: true).render(self)
 })
- EmailWorker.perform_async({
- from: 'web@neocities.org',
- reply_to: 'contact@neocities.org',
- to: @site.email,
- subject: "[Neocities] Confirm your email address",
- body: Tilt.new('./views/templates/email_confirm.erb', pretty: true).render(self)
- })
+ send_confirmation_email @site
 session[:id] = @site.id
 redirect '/'
@@ -531,6 +525,23 @@ post '/change_password' do
 end
 end
+post '/change_email' do
+ require_login
+ current_site.email = params[:email]
+ current_site.email_confirmation_token = SecureRandom.hex 3
+ current_site.email_confirmed = false
+
+ if current_site.valid?
+ current_site.save_changes
+ send_confirmation_email
+ flash[:success] = 'Successfully changed email. We have sent a confirmation email, please use it to confirm your email address.'
+ redirect '/settings'
+ end
+
+ current_site.reload
+ erb :settings
+end
+
 post '/change_name' do
 require_login
 old_username = current_site.username
@@ -1252,3 +1263,13 @@ end
 def api_not_found
 api_error 404, 'not_found', 'the requested api call does not exist'
 end
+
+def send_confirmation_email(site=current_site)
+ EmailWorker.perform_async({
+ from: 'web@neocities.org',
+ reply_to: 'contact@neocities.org',
+ to: site.email,
+ subject: "[Neocities] Confirm your email address",
+ body: Tilt.new('./views/templates/email_confirm.erb', pretty: true).render(self, site: site)
+ })
+end
\ No newline at end of file
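Review bot: `SecureRandom.hex 3` in the new `post '/change_email'` handler gives a six-character token (24 bits), which is thin for what appears to be the only secret in the `confirm_email` link; a longer value such as `SecureRandom.hex 16` costs nothing, and the confirm route (outside this patch) would still want attempt limiting. The handler also replaces `current_site.email` on the strength of the session alone, so a borrowed or hijacked session can move the account's mail to a new address without the password. Asking for the current password in this form, and sending a notice to the previous address before it is overwritten, would cover that.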
diff --git a/models/site.rb b/models/site.rb
index d2568348..de366a55 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -68,6 +68,8 @@ class Site < Sequel::Model
 /PHP\.Hide/
 ]
+ EMAIL_SANITY_REGEX = /.+@.+\..+/i
+
 BANNED_TIME = 2592000 # 30 days in seconds
 TITLE_MAX = 100
@@ -440,18 +442,25 @@ class Site < Sequel::Model
 errors.add :username, 'A valid user/site name is required.'
 end
- if new? && values[:username].length > 32
+ if values[:username].length > 32
 errors.add :username, 'User/site name cannot exceed 32 characters.'
 end
 # Check that email has been provided
- if new? && values[:email].empty?
+ if values[:email].empty?
 errors.add :email, 'An email address is required.'
 end
 # Check for existing email
- if new? && self.class.select(:id).filter(email: values[:email]).first
- errors.add :email, 'This email address already exists on Neocities, please use your existing account.'
+ email_check = self.class.select(:id).filter(email: values[:email]).first
+ if email_check && email_check.id == self.id
+ errors.add :email, 'You are already using this email address for this account.'
+ elsif email_check && email_check.id != self.id
+ errors.add :email, 'This email address already exists on Neocities, please use your existing account instead of creating a new one.'
+ end
+
+ unless values[:email] =~ EMAIL_SANITY_REGEX
+ errors.add :email, 'A valid email address is required.'
 end
 # Check for existing user
diff --git a/views/settings.erb b/views/settings.erb
index 6a7a48ae..41889bc1 100644
--- a/views/settings.erb
+++ b/views/settings.erb
@@ -56,6 +56,19 @@ +
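Review bot: `EMAIL_SANITY_REGEX = /.+@.+\..+/i` in models/site.rb is unanchored and is applied with `=~`, so it accepts any string that merely contains something address-shaped on one of its lines, including values with embedded newlines or spaces. The accepted value is later used as the `to:` field handed to `EmailWorker`, so it is worth anchoring the pattern and excluding whitespace, e.g. `EMAIL_SANITY_REGEX = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/`. The `i` flag has no effect on this pattern and can be dropped. A one-line comment stating that this is a shape check only, not full address validation, would also help the next reader.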
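Review bot: With the `new? &&` guards removed, the email checks in this validation run on every validated save of an existing site, and the lookup `self.class.select(:id).filter(email: values[:email]).first` then finds the site's own row whenever the address has not changed, so `email_check.id == self.id` adds 'You are already using this email address for this account.' to unrelated updates such as a password or name change. Any existing row with an empty or nil email would presumably also start failing, or raise on `nil.empty?`. Scoping the three email checks to creation and real changes, e.g. wrapping them in `if new? || changed_columns.include?(:email)`, keeps `/change_email` working without affecting other saves. The enclosing validation method starts and ends outside the hunk.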

Change Email

+
+ <%== csrf_token_input_html %> + +

Current Email: <%= current_site.email %>

+

New Email:

+ + +
+ +
+
+

Change Site (User) Name

diff --git a/views/templates/email_confirm.erb b/views/templates/email_confirm.erb
index 0435301a..c56f923d 100644
--- a/views/templates/email_confirm.erb
+++ b/views/templates/email_confirm.erb
@@ -1,10 +1,10 @@
-Hello <%= @site.username %>,
+Hello <%= site.username %>,
 Please confirm your email address for Neocities!
 You can confirm your email address using the link below:
-https://neocities.org/site/<%= @site.username %>/confirm_email/<%= @site.email_confirmation_token %>
+https://neocities.org/site/<%= site.username %>/confirm_email/<%= site.email_confirmation_token %>
 Thank you!