Merge branch 'emailvalidation'

2025-08-04 16:51:36 +02:00 · 2016-05-14 23:21:22 -04:00 · 2016-05-14 23:21:22 -04:00 · 6b88c8339d
commit 6b88c8339d
parent ce21f8386f f97ebd9781
19 changed files with 181 additions and 28 deletions
--- a/app/api.rb
+++ b/app/api.rb
@ -138,6 +138,7 @@ end
 def require_api_credentials
  if !request.env['HTTP_AUTHORIZATION'].nil?
    init_api_credentials
+    api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if email_not_validated?
  else
    api_error_invalid_auth
  end
--- a/app/settings.rb
+++ b/app/settings.rb
@ -280,9 +280,15 @@ end
 post '/settings/change_email' do
  require_login

+  if params[:from_confirm]
+    redirect_url = "/site/#{parent_site.username}/confirm_email"
+  else
+    redirect_url = '/settings#email'
+  end
+
  if params[:email] == parent_site.email
    flash[:error] = 'You are already using this email address for this account.'
-    redirect '/settings#email'
+    redirect redirect_url
  end

  parent_site.email = params[:email]
@ -292,12 +298,17 @@ post '/settings/change_email' do
  if parent_site.valid?
    parent_site.save_changes
    send_confirmation_email
-    flash[:success] = 'Successfully changed email. We have sent a confirmation email, please use it to confirm your email address.'
-    redirect '/settings#email'
+    if !parent_site.supporter?
+      session[:fromsettings] = true
+      redirect "/site/#{parent_site.email}/confirm_email"
+    else
+      flash[:success] = 'Email address changed.'
+      redirect '/settings#email'
+    end
  end

  flash[:error] = parent_site.errors.first.last.first
-  redirect '/settings#email'
+  redirect redirect_url
 end

 post '/settings/change_email_notification' do
--- a/app/site.rb
+++ b/app/site.rb
@ -172,8 +172,23 @@ post '/site/create_directory' do
 end

 get '/site/:username/confirm_email/:token' do
+  if current_site && current_site.email_confirmed
+    return erb(:'site_email_confirmed')
+  end
+
  site = Site[username: params[:username]]
-  if !site.nil? && site.email_confirmation_token == params[:token]
+
+  if site.nil?
+    return erb(:'site_email_not_confirmed')
+  end
+
+  if site.email_confirmed
+    return erb(:'site_email_confirmed')
+  end
+
+  if site.email_confirmation_token == params[:token]
+    site.email_confirmation_token = nil
+    site.email_confirmation_count = 0
    site.email_confirmed = true
    site.save_changes

@ -183,6 +198,47 @@ get '/site/:username/confirm_email/:token' do
  end
 end

+get '/site/:username/confirm_email' do
+  require_login
+  @fromsettings = session[:fromsettings]
+  redirect '/' if current_site.username != params[:username] || !current_site.parent? || current_site.email_confirmed
+  erb :'site/confirm_email'
+end
+
+post '/site/:username/confirm_email' do
+  require_login
+
+  redirect '/' if current_site.username != params[:username] || !current_site.parent? || current_site.email_confirmed
+
+  # Update email, resend token
+  if params[:email]
+    send_confirmation_email @site
+  end
+
+  if params[:token].blank?
+    flash[:error] = 'You must enter a valid token.'
+    redirect "/site/#{current_site.username}/confirm_email"
+  end
+
+  if current_site.email_confirmation_token == params[:token]
+    current_site.email_confirmation_token = nil
+    current_site.email_confirmation_count = 0
+    current_site.email_confirmed = true
+    current_site.save_changes
+
+    if session[:fromsettings]
+      session[:fromsettings] = nil
+      flash[:success] = 'Email address changed.'
+      redirect '/settings#email'
+    end
+
+    redirect '/tutorial'
+  else
+    flash[:error] = 'You must enter a valid token.'
+    redirect "/site/#{current_site.username}/confirm_email"
+  end
+end
+
 post '/site/:username/report' do |username|
  site = Site[username: username]