update update_email to allow merge

2021-10-26 13:36:14 +02:00 · 2021-10-26 13:36:14 +02:00 · b160086cc5
commit b160086cc5
parent 652b8367be
8 changed files with 45 additions and 34 deletions
--- a/app/controllers/users/profil_controller.rb
+++ b/app/controllers/users/profil_controller.rb
@ -14,11 +14,12 @@ module Users
    end

    def update_email
-      if current_user.update(update_email_params)
+      requested_user = User.find_by(email: requested_email)
+
+      if requested_user.present?
+        current_user.ask_for_merge(requested_user)
        flash.notice = t('devise.registrations.update_needs_confirmation')
-      elsif current_user.errors&.details&.dig(:email)&.any? { |e| e[:error] == :taken }
-        UserMailer.account_already_taken(current_user, requested_email).deliver_later
-        # avoid leaking information about whether an account with this email exists or not
+      elsif current_user.update(update_email_params)
        flash.notice = t('devise.registrations.update_needs_confirmation')
      else
        flash.alert = current_user.errors.full_messages
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@ -12,10 +12,10 @@ class UserMailer < ApplicationMailer
    mail(to: user.email, subject: @subject, procedure: @procedure)
  end

-  def account_already_taken(user, requested_email)
+  def ask_for_merge(user, requested_email)
    @user = user
    @requested_email = requested_email
-    @subject = "Changement d’adresse email"
+    @subject = "Fusion de compte"

    mail(to: requested_email, subject: @subject)
  end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -220,6 +220,11 @@ class User < ApplicationRecord
    end
  end

+  def ask_for_merge(requested_user)
+    update(requested_merge_into: requested_user)
+    UserMailer.ask_for_merge(self, requested_user.email).deliver_later
+  end
+
  private

  def link_invites!
--- a/app/views/user_mailer/account_already_taken.haml
+++ b/app/views/user_mailer/account_already_taken.haml
@ -1,20 +0,0 @@
- content_for(:title, @subject)
-
-%p
-  Bonjour,
-
-%p
-  L’utilisateur « #{@user.email} » a demandé le changement de son adresse vers « #{@requested_email} ».
-
-%p
-  Malheureusement, votre compte « #{@requested_email} » existe déjà. Nous ne pouvons pas fusionner automatiquement vos comptes.
-
-%p
-  %strong Nous ne pouvons donc pas effectuer le changement d’adresse email.
-
-%p
-  Si vous n’êtes pas à l’origine de cette demande, vous pouvez ignorer ce message. Et si vous avez besoin d’assistance, n’hésitez pas à nous contacter à
-  = succeed '.' do
-    = mail_to CONTACT_EMAIL
-
-= render partial: "layouts/mailers/signature"
--- a/app/views/user_mailer/ask_for_merge.haml
+++ b/app/views/user_mailer/ask_for_merge.haml
@ -0,0 +1,22 @@
+- content_for(:title, @subject)
+
+%p
+  Bonjour,
+
+%p
+  L’utilisateur <b>« #{@user.email} »</b> a demandé la fusion de son compte avec le votre <b>« #{@requested_email} »</b>.
+
+%p
+  Si vous désirez confirmer la fusion de ces comptes :
+
+%ol
+  %li connectez-vous avec le compte #{@requested_email}
+  %li allez sur votre page profil
+  %li acceptez la fusion
+
+%p
+  Si vous n’êtes pas à l’origine de cette demande, vous pouvez ignorer ce message. Et si vous avez besoin d’assistance, n’hésitez pas à nous contacter à
+  = succeed '.' do
+    = mail_to CONTACT_EMAIL
+
+= render partial: "layouts/mailers/signature"
--- a/spec/controllers/users/profil_controller_spec.rb
+++ b/spec/controllers/users/profil_controller_spec.rb
@ -63,16 +63,19 @@ describe Users::ProfilController, type: :controller do
      let(:existing_user) { create(:user) }

      before do
+        expect_any_instance_of(User).to receive(:ask_for_merge).with(existing_user)
+
        perform_enqueued_jobs do
          patch :update_email, params: { user: { email: existing_user.email } }
        end
        user.reload
      end

-      it { expect(user.unconfirmed_email).to be_nil }
-      it { expect(ActionMailer::Base.deliveries.last.to).to eq([existing_user.email]) }
-      it { expect(response).to redirect_to(profil_path) }
-      it { expect(flash.notice).to eq(I18n.t('devise.registrations.update_needs_confirmation')) }
+      it 'launches the merge process' do
+        expect(user.unconfirmed_email).to be_nil
+        expect(response).to redirect_to(profil_path)
+        expect(flash.notice).to eq(I18n.t('devise.registrations.update_needs_confirmation'))
+      end
    end

    context 'when the mail is incorrect' do
--- a/spec/mailers/previews/user_mailer_preview.rb
+++ b/spec/mailers/previews/user_mailer_preview.rb
@ -8,8 +8,8 @@ class UserMailerPreview < ActionMailer::Preview
    UserMailer.new_account_warning(user, procedure)
  end

-  def account_already_taken
-    UserMailer.account_already_taken(user, 'dircab@territoires.gouv.fr')
+  def ask_for_merge
+    UserMailer.ask_for_merge(user, 'dircab@territoires.gouv.fr')
  end

  private
--- a/spec/mailers/user_mailer_spec.rb
+++ b/spec/mailers/user_mailer_spec.rb
@ -17,10 +17,10 @@ RSpec.describe UserMailer, type: :mailer do
    end
  end

-  describe '.account_already_taken' do
+  describe '.ask_for_merge' do
    let(:requested_email) { 'new@exemple.fr' }

-    subject { described_class.account_already_taken(user, requested_email) }
+    subject { described_class.ask_for_merge(user, requested_email) }

    it { expect(subject.to).to eq([requested_email]) }
    it { expect(subject.body).to include(requested_email) }