From 3f7769d2ba4047e8766e511b7a42c7aa4721f6f8 Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Thu, 3 Oct 2019 17:33:33 +0200
Subject: Require email confirmation when changing email address

This ensures that the email address linked to a user is always valid and
actually belong(s|ed) to that user.
---
 elm/Lib/Api.elm   |  1 +
 elm/User/Edit.elm | 36 +++++++++++++++++++++---------------
 2 files changed, 22 insertions(+), 15 deletions(-)

(limited to 'elm')

diff --git a/elm/Lib/Api.elm b/elm/Lib/Api.elm
index 4df99fde..283cbe3c 100644
--- a/elm/Lib/Api.elm
+++ b/elm/Lib/Api.elm
@@ -41,6 +41,7 @@ showResponse res =
     DoubleEmail                     -> "Email address already used for another account."
     DoubleIP                        -> "You can only register one account from the same IP within 24 hours."
     BadCurPass                      -> "Current password is invalid."
+    MailChange                      -> unexp
 
 
 expectResponse : (Response -> msg) -> Http.Expect msg
diff --git a/elm/User/Edit.elm b/elm/User/Edit.elm
index 4bdffad9..544b2fe1 100644
--- a/elm/User/Edit.elm
+++ b/elm/User/Edit.elm
@@ -23,25 +23,27 @@ main = Browser.element
 
 
 type alias Model =
-  { state   : Api.State
-  , data    : GUE.Send
-  , cpass   : Bool
-  , pass1   : String
-  , pass2   : String
-  , opass   : String
-  , passNeq : Bool
+  { state       : Api.State
+  , data        : GUE.Send
+  , cpass       : Bool
+  , pass1       : String
+  , pass2       : String
+  , opass       : String
+  , passNeq     : Bool
+  , mailConfirm : Bool
   }
 
 
 init : GUE.Send -> Model
 init d =
-  { state   = Api.Normal
-  , data    = d
-  , cpass   = False
-  , pass1   = ""
-  , pass2   = ""
-  , opass   = ""
-  , passNeq = False
+  { state       = Api.Normal
+  , data        = d
+  , cpass       = False
+  , pass1       = ""
+  , pass2       = ""
+  , opass       = ""
+  , passNeq     = False
+  , mailConfirm = False
   }
 
 
@@ -115,7 +117,8 @@ update msg model =
       else ({ model | state = Api.Loading }, Api.post "/u/edit" (GUE.encode model.data) Submitted)
 
     -- TODO: This reload is only necessary for the skin and customcss options to apply, but it's nicer to do that directly from JS.
-    Submitted GApi.Success -> (model, load <| "/u" ++ String.fromInt model.data.id ++ "/edit")
+    Submitted GApi.Success    -> (model, load <| "/u" ++ String.fromInt model.data.id ++ "/edit")
+    Submitted GApi.MailChange -> ({ model | mailConfirm = True, state = Api.Normal }, Cmd.none)
     Submitted r -> ({ model | state = Api.Error r }, Cmd.none)
 
 
@@ -188,5 +191,8 @@ view model =
       ]
     , div [ class "mainbox" ]
       [ fieldset [ class "submit" ] [ submitButton "Submit" model.state (not model.passNeq) False ]
+      , if not model.mailConfirm then text "" else
+          div [ class "notice" ]
+          [ text "A confirmation email has been sent to your new address. Your address will be updated after following the instructions in that mail." ]
       ]
     ]
-- 
cgit v1.2.3