diff --git a/app/controllers/users/profil_controller.rb b/app/controllers/users/profil_controller.rb
index f976a8775..13c9c7f20 100644
--- a/app/controllers/users/profil_controller.rb
+++ b/app/controllers/users/profil_controller.rb
@@ -12,8 +12,9 @@ module Users
 def update_email
 if @current_user.update(update_email_params)
 flash.notice = t('devise.registrations.update_needs_confirmation')
- # to avoid leaking who has signed in
 elsif @current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
+ UserMailer.account_already_taken(@current_user, requested_email).deliver_later
+ # avoid leaking information about whether an account with this email exists or not
 flash.notice = t('devise.registrations.update_needs_confirmation')
 else
 flash.alert = @current_user.errors.full_messages
@@ -27,5 +28,9 @@ module Users
 def update_email_params
 params.require(:user).permit(:email)
 end
+
+ def requested_email
+ update_email_params[:email]
+ end
 end
 end
diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index 2304d41fd..d0f7b91f6 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -8,4 +8,12 @@ class UserMailer < ApplicationMailer
 mail(to: user.email, subject: @subject)
 end
+
+ def account_already_taken(user, requested_email)
+ @user = user
+ @requested_email = requested_email
+ @subject = "Changement d’adresse email"
+
+ mail(to: requested_email, subject: @subject)
+ end
 end
diff --git a/app/views/user_mailer/account_already_taken.haml b/app/views/user_mailer/account_already_taken.haml
new file mode 100644
index 000000000..85cbf69ac
--- /dev/null
+++ b/app/views/user_mailer/account_already_taken.haml
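Review bot: In `update_email` (app/controllers/users/profil_controller.rb), the new `:taken` branch mails an address chosen by the requester on every attempt, and nothing visible in the hunk limits how often a signed-in user can do that. The owner of the existing account could therefore receive repeated notifications; a per-user throttle on this action, or skipping the mail when one was recently sent to the same address, would bound it. At minimum I would record the constraint next to the call: `# each :taken attempt mails a third party; this action must stay rate-limited`. The rest of `update_email` lies outside the hunk, so a limit may already exist elsewhere.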
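Review bot: `account_already_taken` in app/mailers/user_mailer.rb has no comment stating that `user` must be the persisted record, yet the view prints `@user.email` as the requester's current address. The controller calls it right after a failed `update`, when the in-memory record presumably still carries the rejected address; the output looks correct only because `deliver_later` reloads the record in the job. I would document that above the method, e.g. `# user: requester as stored in the database (the view shows user.email as the current address)`, or pass the current address as an explicit argument so a later switch to `deliver_now` cannot print the requested address twice.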
@@ -0,0 +1,20 @@
+- content_for(:title, @subject)
+
+%p
+ Bonjour,
+
+%p
+ L’utilisateur « #{@user.email} » a demandé le changement de son adresse vers « #{@requested_email} ».
+
+%p
+ Malheureusement, votre compte « #{@requested_email} » existe déjà. Nous ne pouvons pas fusionner automatiquement vos comptes.
+
+%p
+ %strong Nous ne pouvons donc pas effectuer le changement d’adresse email.
+
+%p
+ Si vous n'êtes pas à l’origine de cette demande, vous pouvez ignorer ce message. Et si vous avez besoin d’assistance, n’hésitez pas à nous contacter à
+ = succeed '.' do
+ = mail_to CONTACT_EMAIL
+
+= render partial: "layouts/mailers/signature"
diff --git a/spec/controllers/users/profil_controller_spec.rb b/spec/controllers/users/profil_controller_spec.rb
index e151e2f82..38f46f2dd 100644
--- a/spec/controllers/users/profil_controller_spec.rb
+++ b/spec/controllers/users/profil_controller_spec.rb
@@ -1,6 +1,8 @@
 require 'spec_helper'
 describe Users::ProfilController, type: :controller do
+ include ActiveJob::TestHelper
+
 let(:user) { create(:user) }
 before { sign_in(user) }
@@ -34,13 +36,17 @@ describe Users::ProfilController, type: :controller do
 end
 context 'when the mail is already taken' do
- let!(:user2) { create(:user) }
+ let(:existing_user) { create(:user) }
 before do
- patch :update_email, params: { user: { email: user2.email } }
+ perform_enqueued_jobs do
+ patch :update_email, params: { user: { email: existing_user.email } }
+ end
 user.reload
 end
+ it { expect(user.unconfirmed_email).to be_nil }
+ it { expect(ActionMailer::Base.deliveries.last.to).to eq([existing_user.email]) }
 it { expect(response).to redirect_to(profil_path) }
 it { expect(flash.notice).to eq(I18n.t('devise.registrations.update_needs_confirmation')) }
 end
diff --git a/spec/mailers/previews/user_mailer_preview.rb b/spec/mailers/previews/user_mailer_preview.rb
index 4204d63be..e99994fa4 100644
--- a/spec/mailers/previews/user_mailer_preview.rb
+++ b/spec/mailers/previews/user_mailer_preview.rb
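Review bot: In the 'when the mail is already taken' context of spec/controllers/users/profil_controller_spec.rb, `deliveries.last.to` checks only the recipient, so the example would also pass if some other mailer happened to write to that address. Pinning the message itself makes the intent explicit, for instance `it { expect(ActionMailer::Base.deliveries.last.subject).to eq("Changement d’adresse email") }`. One further example asserting that no confirmation mail is produced for the requester in this branch would cover the other half of the behaviour the controller comment describes.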
@@ -3,6 +3,10 @@ class UserMailerPreview < ActionMailer::Preview
 UserMailer.new_account_warning(user)
 end
+ def account_already_taken
+ UserMailer.account_already_taken(user, 'dircab@territoires.gouv.fr')
+ end
+
 private
 def user
diff --git a/spec/mailers/user_mailer_spec.rb b/spec/mailers/user_mailer_spec.rb
new file mode 100644
index 000000000..dd48194a5
--- /dev/null
+++ b/spec/mailers/user_mailer_spec.rb
@@ -0,0 +1,21 @@
+require "rails_helper"
+
+RSpec.describe UserMailer, type: :mailer do
+ let(:user) { build(:user) }
+
+ describe '.new_account_warning' do
+ subject { described_class.new_account_warning(user) }
+
+ it { expect(subject.to).to eq([user.email]) }
+ it { expect(subject.body).to include(user.email) }
+ end
+
+ describe '.account_already_taken' do
+ let(:requested_email) { 'new@exemple.fr' }
+
+ subject { described_class.account_already_taken(user, requested_email) }
+
+ it { expect(subject.to).to eq([requested_email]) }
+ it { expect(subject.body).to include(requested_email) }
+ end
+end
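Review bot: The preview in spec/mailers/previews/user_mailer_preview.rb hard-codes `'dircab@territoires.gouv.fr'`, which looks like a real mailbox, and the new spec/mailers/user_mailer_spec.rb uses `'new@exemple.fr'`, a domain that is not reserved for documentation. Fixture addresses are safer on a reserved name, e.g. `'dircab@example.org'` and `'new@example.org'`, so that a misconfigured delivery method in a non-production environment cannot reach a third party.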