add confirmation for tiers email

2024-07-10 10:57:26 +02:00 · 2024-07-10 10:57:26 +02:00 · 3b138d5bb7
commit 3b138d5bb7
parent 68cf6b58a3
7 changed files with 75 additions and 2 deletions
--- a/app/controllers/users/activate_controller.rb
+++ b/app/controllers/users/activate_controller.rb
@ -30,6 +30,20 @@ class Users::ActivateController < ApplicationController
    end
  end

+  def confirm_email
+    user = User.find_by(confirmation_token: params[:token])
+    if user && user.email_verified_at
+      flash[:notice] = "Votre email est déjà vérifié"
+    elsif user && user.confirmation_sent_at > 2.days.ago
+      user.update!(email_verified_at: Time.zone.now)
+      flash[:notice] = 'Votre email a bien été vérifié'
+    else
+      flash[:alert] = "le lien est trop vieux"
+      #to do relancer un lien if user
+    end
+    redirect_to root_path(user)
+  end
+
  private

  def user_params
--- a/app/controllers/users/dossiers_controller.rb
+++ b/app/controllers/users/dossiers_controller.rb
@ -147,10 +147,14 @@ module Users
    def update_identite
      @dossier = dossier
      @no_description = true
+      email = dossier_params[:individual_attributes][:email]

      if @dossier.update(dossier_params) && @dossier.individual.valid?
-        # TODO: remove this after proper mandat email validation
-        @dossier.individual.update!(email_verified_at: Time.zone.now)
+        # verify for_tiers email
+        if email.present?
+          User.create_or_promote_to_tiers(email, SecureRandom.hex, @dossier)
+        end
+
        @dossier.update!(autorisation_donnees: true, identity_updated_at: Time.zone.now)
        flash.notice = t('.identity_saved')

--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@ -48,6 +48,21 @@ class UserMailer < ApplicationMailer
      reply_to: Current.contact_email)
  end

+  def invite_tiers(user, token, dossier)
+    @token = token
+    @user = user
+    @dossier = dossier
+    subject = "Vérification de votre mail"
+
+    configure_defaults_for_user(user)
+
+    bypass_unverified_mail_protection!
+
+    mail(to: user.email,
+      subject: subject,
+      reply_to: Current.contact_email)
+  end
+
  def invite_gestionnaire(user, reset_password_token, groupe_gestionnaire)
    @reset_password_token = reset_password_token
    @user = user
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -83,6 +83,12 @@ class User < ApplicationRecord
    UserMailer.invite_instructeur(self, set_reset_password_token).deliver_later
  end

+  def invite_tiers!(dossier)
+    token = SecureRandom.hex(10)
+    self.update!(confirmation_token: token, confirmation_sent_at: Time.zone.now)
+    UserMailer.invite_tiers(self, token, dossier).deliver_later
+  end
+
  def invite_gestionnaire!(groupe_gestionnaire)
    UserMailer.invite_gestionnaire(self, set_reset_password_token, groupe_gestionnaire).deliver_later
  end
@ -130,6 +136,17 @@ class User < ApplicationRecord
    user
  end

+  def self.create_or_promote_to_tiers(email, password, dossier)
+    user = User
+        .create_with(password: password, confirmed_at: Time.zone.now)
+        .find_or_create_by(email: email)
+
+    if user.valid? && user.unverified_email?
+      user.invite_tiers!(dossier)
+    end
+    user
+  end
+
  def self.create_or_promote_to_administrateur(email, password)
    user = User.create_or_promote_to_instructeur(email, password)

--- a/app/views/user_mailer/invite_tiers.html.haml
+++ b/app/views/user_mailer/invite_tiers.html.haml
@ -0,0 +1,18 @@
+- content_for(:title, "Vérification de votre mail sur #{Current.application_name}")
+
+%p
+  Bonjour,
+
+%p
+  Un dossier sur la démarche : #{@dossier.procedure.libelle} a été démarré en votre nom par #{@dossier.user.email}.
+
+
+%p
+  Pour continuer à recevoir les mails concernant votre dossier, vous devez confirmer votre adresse email en cliquant sur ce lien :
+
+  = link_to(users_confirm_email_url(token: @token), users_confirm_email_url(token: @token))
+
+%p
+  Pour en savoir plus, veuillez vous rapprocher de #{@dossier.user.email}.
+
+= render partial: "layouts/mailers/signature"
--- a/config/routes.rb
+++ b/config/routes.rb
@ -276,6 +276,7 @@ Rails.application.routes.draw do

    get 'activate' => '/users/activate#new'
    patch 'activate' => '/users/activate#create'
+    get 'confirm_email/:token' => '/users/activate#confirm_email', as: :confirm_email
  end

  # order matters: we don't want those routes to match /admin/procedures/:id
--- a/spec/mailers/previews/user_mailer_preview.rb
+++ b/spec/mailers/previews/user_mailer_preview.rb
@ -24,6 +24,10 @@ class UserMailerPreview < ActionMailer::Preview
    UserMailer.invite_instructeur(user, 'aedfa0d0')
  end

+  def invite_tiers
+    UserMailer.invite_tiers(user, 'aedfa0d0', Dossier.first )
+  end
+
  def invite_gestionnaire
    groupe_gestionnaire = GroupeGestionnaire.new(name: 'Root admins group')
    UserMailer.invite_gestionnaire(user, 'aedfa0d0', groupe_gestionnaire)