profile: send an email when the account is already taken

2019-07-09 17:08:27 +02:00 · 2019-07-09 17:08:27 +02:00 · 03fc555edf
commit 03fc555edf
parent 80074d6d82
6 changed files with 67 additions and 3 deletions
--- a/app/controllers/users/profil_controller.rb
+++ b/app/controllers/users/profil_controller.rb
@ -12,8 +12,9 @@ module Users
    def update_email
      if @current_user.update(update_email_params)
        flash.notice = t('devise.registrations.update_needs_confirmation')
-      # to avoid leaking who has signed in
      elsif @current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
+        UserMailer.account_already_taken(@current_user, requested_email).deliver_later
+        # avoid leaking information about whether an account with this email exists or not
        flash.notice = t('devise.registrations.update_needs_confirmation')
      else
        flash.alert = @current_user.errors.full_messages
@ -27,5 +28,9 @@ module Users
    def update_email_params
      params.require(:user).permit(:email)
    end
+
+    def requested_email
+      update_email_params[:email]
+    end
  end
 end