Merge pull request #6774 from betagouv/US/merge-with-same-email-fail

fix(profil_controller#update_email): changing email from current_user.email to current_user.email destroys the current user. whoops ☠️
mfo 2021-12-29 14:16:48 +01:00 committed by GitHub
commit a416a5ae33
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 36 additions and 7 deletions


@ -14,9 +14,7 @@ module Users
def update_email
requested_user = User.find_by(email: requested_email)
if requested_user.present?
current_user.ask_for_merge(requested_user)
if requested_user.present? && current_user.ask_for_merge(requested_user)
current_user.update(unconfirmed_email: nil)
flash.notice = t('devise.registrations.update_needs_confirmation')
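Review bot: The combined condition `requested_user.present? && current_user.ask_for_merge(requested_user)` sends two different failures down the same path: no account with that email, and an existing account whose merge request was rejected by validation. The rest of `update_email` is outside this hunk, so it is worth confirming that the rejected-merge case ends in the error flash and never reaches a plain email update while `requested_merge_into` is still assigned in memory. A comment above the condition would make the contract explicit, for example `# ask_for_merge is false when the request is invalid (e.g. target is the current user); errors are then on current_user`. The success branch uses the generic `devise.registrations.update_needs_confirmation` notice; if the ordinary path (not shown) uses the same text, the response does not reveal whether the address already belongs to an account, which is worth preserving.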


@ -63,6 +63,8 @@ class User < ApplicationRecord
before_validation -> { sanitize_email(:email) }
validate :does_not_merge_on_self, if: :requested_merge_into_id_changed?
def validate_password_complexity?
administrateur?
end
@ -223,12 +225,21 @@ class User < ApplicationRecord
end
def ask_for_merge(requested_user)
update(requested_merge_into: requested_user)
UserMailer.ask_for_merge(self, requested_user.email).deliver_later
if update(requested_merge_into: requested_user)
UserMailer.ask_for_merge(self, requested_user.email).deliver_later
return true
else
return false
end
end
private
def does_not_merge_on_self
return if requested_merge_into_id != self.id
errors.add(:requested_merge_into, :same)
end
def link_invites!
Invite.where(email: email).update_all(user_id: id)
end
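Review bot: `does_not_merge_on_self` only protects writes that run validations, and only when `requested_merge_into_id` changes, so in the second hunk the destructive step itself remains unguarded. The code that performs the merge and removes the old account is not shown here; if it can be reached with a row that already points at itself (data saved before this fix, or a write through `update_column`/`update_all`), the account would presumably still be destroyed, so a guard such as `return false if requested_merge_into_id == id` at that point would be a cheap second layer. In `ask_for_merge`, a short comment like `# returns true only when the merge request was saved; the mail is sent only in that case` would document the boolean contract the controller now relies on. The `if … return true else return false` can be reduced to `return false unless update(requested_merge_into: requested_user)` followed by the mailer call and `true`, and `self.id` in the validator can be plain `id`.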


@ -244,9 +244,16 @@ en:
one: User
other: Users
attributes:
default_attributes: &default_attributes
password: 'password'
requested_merge_into: 'new email address'
user:
siret: 'SIRET number'
password: 'password'
<< : *default_attributes
instructeur:
<< : *default_attributes
super_admin:
<< : *default_attributes
instructeur:
password: 'password'
errors:
@ -268,6 +275,8 @@ en:
too_short: 'is too short'
password_confirmation:
confirmation: ': The two passwords do not match'
requested_merge_into:
same: "can't be the same as the old one"
invite:
attributes:
email:


@ -244,6 +244,7 @@ fr:
attributes:
default_attributes: &default_attributes
password: 'Le mot de passe'
requested_merge_into: 'La nouvelle adresse email'
user:
siret: 'Numéro SIRET'
<< : *default_attributes
@ -273,6 +274,8 @@ fr:
not_strong: 'nest pas assez complexe'
password_confirmation:
confirmation: ': Les deux mots de passe ne correspondent pas'
requested_merge_into:
same: "ne peut être identique à lancienne"
invite:
attributes:
email:


@ -48,6 +48,14 @@ describe Users::ProfilController, type: :controller do
end
describe 'PATCH #update_email' do
context 'when email is same as user' do
it 'fails' do
patch :update_email, params: { user: { email: user.email } }
expect(response).to have_http_status(302)
expect(flash[:alert]).to eq(["La nouvelle adresse email ne peut être identique à lancienne"])
end
end
context 'when everything is fine' do
let(:previous_request) { create(:user) }
@ -69,7 +77,7 @@ describe Users::ProfilController, type: :controller do
before do
user.update(unconfirmed_email: 'unconfirmed@mail.com')
expect_any_instance_of(User).to receive(:ask_for_merge).with(existing_user)
expect(UserMailer).to receive(:ask_for_merge).with(user, existing_user.email).and_return(double(deliver_later: true))
perform_enqueued_jobs do
patch :update_email, params: { user: { email: existing_user.email } }