2019-05-02 18:17:27 -04:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-03-07 13:45:33 -05:00
|
|
|
require_dependency 'rate_limiter'
|
|
|
|
require_dependency 'email_validator'
|
2016-03-07 14:40:11 -05:00
|
|
|
require_dependency 'email_updater'
|
2016-03-07 13:45:33 -05:00
|
|
|
|
|
|
|
class UsersEmailController < ApplicationController
|
|
|
|
|
2018-01-31 23:17:59 -05:00
|
|
|
requires_login only: [:index, :update]
|
2016-03-07 14:40:11 -05:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
skip_before_action :check_xhr, only: [:confirm]
|
|
|
|
skip_before_action :redirect_to_login_if_required, only: [:confirm]
|
2016-03-07 13:45:33 -05:00
|
|
|
|
|
|
|
def index
|
|
|
|
end
|
|
|
|
|
|
|
|
def update
|
|
|
|
params.require(:email)
|
|
|
|
user = fetch_user_from_params
|
|
|
|
|
|
|
|
RateLimiter.new(user, "change-email-hr-#{request.remote_ip}", 6, 1.hour).performed!
|
|
|
|
RateLimiter.new(user, "change-email-min-#{request.remote_ip}", 3, 1.minute).performed!
|
|
|
|
|
2016-03-07 14:40:11 -05:00
|
|
|
updater = EmailUpdater.new(guardian, user)
|
|
|
|
updater.change_to(params[:email])
|
2016-03-07 13:45:33 -05:00
|
|
|
|
2016-03-07 14:40:11 -05:00
|
|
|
if updater.errors.present?
|
|
|
|
return render_json_error(updater.errors.full_messages)
|
|
|
|
end
|
2016-03-07 13:45:33 -05:00
|
|
|
|
2017-08-31 00:06:56 -04:00
|
|
|
render body: nil
|
2016-03-07 13:45:33 -05:00
|
|
|
rescue RateLimiter::LimitExceeded
|
|
|
|
render_json_error(I18n.t("rate_limiter.slow_down"))
|
|
|
|
end
|
|
|
|
|
2016-03-07 14:40:11 -05:00
|
|
|
def confirm
|
|
|
|
expires_now
|
2018-02-20 01:44:51 -05:00
|
|
|
|
|
|
|
token = EmailToken.confirmable(params[:token])
|
|
|
|
user = token&.user
|
|
|
|
|
|
|
|
change_request =
|
|
|
|
if user
|
|
|
|
user.email_change_requests.where(new_email_token_id: token.id).first
|
|
|
|
end
|
|
|
|
|
|
|
|
if change_request&.change_state == EmailChangeRequest.states[:authorizing_new] &&
|
2018-06-28 04:12:32 -04:00
|
|
|
user.totp_enabled? && !user.authenticate_second_factor(params[:second_factor_token], params[:second_factor_method].to_i)
|
2018-02-20 01:44:51 -05:00
|
|
|
|
2017-12-21 20:18:12 -05:00
|
|
|
@update_result = :invalid_second_factor
|
2018-06-28 04:12:32 -04:00
|
|
|
@backup_codes_enabled = true if user.backup_codes_enabled?
|
2018-02-20 01:44:51 -05:00
|
|
|
|
2017-12-21 20:18:12 -05:00
|
|
|
if params[:second_factor_token].present?
|
|
|
|
RateLimiter.new(nil, "second-factor-min-#{request.remote_ip}", 3, 1.minute).performed!
|
|
|
|
@show_invalid_second_factor_error = true
|
|
|
|
end
|
2018-02-20 01:44:51 -05:00
|
|
|
else
|
|
|
|
updater = EmailUpdater.new
|
|
|
|
@update_result = updater.confirm(params[:token])
|
2017-12-21 20:18:12 -05:00
|
|
|
|
2018-02-20 01:44:51 -05:00
|
|
|
if @update_result == :complete
|
|
|
|
updater.user.user_stat.reset_bounce_score!
|
|
|
|
log_on_user(updater.user)
|
|
|
|
end
|
2017-02-20 04:37:01 -05:00
|
|
|
end
|
2016-03-07 14:40:11 -05:00
|
|
|
|
|
|
|
render layout: 'no_ember'
|
|
|
|
end
|
|
|
|
|
2016-03-07 13:45:33 -05:00
|
|
|
end
|