fix(profil_controller#update_email): ensure we are not merging same account

fix(profil_controller#update_email): changing email from current_user.email to current_user.email destroy current user. whoops ☠️'

Update config/locales/en.yml

Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>

Update config/locales/fr.yml

Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>

Update spec/controllers/users/profil_controller_spec.rb

Update config/locales/fr.yml

Co-authored-by: Pierre de La Morinerie <pierre.de_la_morinerie@beta.gouv.fr>

Update spec/controllers/users/profil_controller_spec.rb

fix(spec): broken due to typo
This commit is contained in:
Martin 2021-12-23 14:54:37 +01:00
parent 15f01149df
commit d0ab1711ff
5 changed files with 36 additions and 7 deletions

View file

@ -14,9 +14,7 @@ module Users
def update_email
requested_user = User.find_by(email: requested_email)
if requested_user.present?
current_user.ask_for_merge(requested_user)
if requested_user.present? && current_user.ask_for_merge(requested_user)
current_user.update(unconfirmed_email: nil)
flash.notice = t('devise.registrations.update_needs_confirmation')

View file

@ -63,6 +63,8 @@ class User < ApplicationRecord
before_validation -> { sanitize_email(:email) }
validate :does_not_merge_on_self, if: :requested_merge_into_id_changed?
def validate_password_complexity?
administrateur?
end
@ -223,12 +225,21 @@ class User < ApplicationRecord
end
def ask_for_merge(requested_user)
update(requested_merge_into: requested_user)
if update(requested_merge_into: requested_user)
UserMailer.ask_for_merge(self, requested_user.email).deliver_later
return true
else
return false
end
end
private
def does_not_merge_on_self
return if requested_merge_into_id != self.id
errors.add(:requested_merge_into, :same)
end
def link_invites!
Invite.where(email: email).update_all(user_id: id)
end

View file

@ -244,9 +244,16 @@ en:
one: User
other: Users
attributes:
default_attributes: &default_attributes
password: 'password'
requested_merge_into: 'new email address'
user:
siret: 'SIRET number'
password: 'password'
<< : *default_attributes
instructeur:
<< : *default_attributes
super_admin:
<< : *default_attributes
instructeur:
password: 'password'
errors:
@ -268,6 +275,8 @@ en:
too_short: 'is too short'
password_confirmation:
confirmation: ': The two passwords do not match'
requested_merge_into:
same: "can't be the same as the old one"
invite:
attributes:
email:

View file

@ -244,6 +244,7 @@ fr:
attributes:
default_attributes: &default_attributes
password: 'Le mot de passe'
requested_merge_into: 'La nouvelle adresse email'
user:
siret: 'Numéro SIRET'
<< : *default_attributes
@ -273,6 +274,8 @@ fr:
not_strong: 'nest pas assez complexe'
password_confirmation:
confirmation: ': Les deux mots de passe ne correspondent pas'
requested_merge_into:
same: "ne peut être identique à lancienne"
invite:
attributes:
email:

View file

@ -48,6 +48,14 @@ describe Users::ProfilController, type: :controller do
end
describe 'PATCH #update_email' do
context 'when email is same as user' do
it 'fails' do
patch :update_email, params: { user: { email: user.email } }
expect(response).to have_http_status(302)
expect(flash[:alert]).to eq(["La nouvelle adresse email ne peut être identique à lancienne"])
end
end
context 'when everything is fine' do
let(:previous_request) { create(:user) }
@ -69,7 +77,7 @@ describe Users::ProfilController, type: :controller do
before do
user.update(unconfirmed_email: 'unconfirmed@mail.com')
expect_any_instance_of(User).to receive(:ask_for_merge).with(existing_user)
expect(UserMailer).to receive(:ask_for_merge).with(user, existing_user.email).and_return(double(deliver_later: true))
perform_enqueued_jobs do
patch :update_email, params: { user: { email: existing_user.email } }