Require users to verify their email after they have changed it

pt-stripe · Nov 7, 2016 · f546585 · f546585
1 parent c6b4d77
commit f546585
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 6 deletions.
diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
@@ -16,8 +16,9 @@ def show
   def update
     @user = current_user.clone
     if @user.update_attributes(params_user)
-      if @user.email_reset
+      if @user.unconfirmed?
         sign_out
+        Mailer.delay.email_reset(self)
         flash[:notice] = "You will receive an email within the next few " \
                          "minutes. It contains instructions for reconfirming " \
                          "your account with your new email address."

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -23,7 +23,7 @@ class User < ActiveRecord::Base
   has_many :subscriptions
   has_many :web_hooks
 
-  before_validation :regenerate_token, if: :email_changed?, on: :update
+  before_validation :unconfirm_email, if: :email_changed?, on: :update
   before_create :generate_api_key, :set_confirmation_token
 
   validates :handle, uniqueness: true, allow_nil: true
@@ -101,8 +101,9 @@ def encode_with(coder)
     coder.map = payload
   end
 
-  def regenerate_token
-    generate_confirmation_token
+  def unconfirm_email
+    self.email_confirmed = false
+    set_confirmation_token
   end
 
   def generate_api_key
@@ -135,4 +136,8 @@ def set_confirmation_token
     self.confirmation_token = Clearance::Token.new
     self.token_expires_at = Time.zone.now + 15.minutes
   end
+
+  def unconfirmed?
+    !email_confirmed
+  end
 end
diff --git a/app/views/mailer/email_reset.erb b/app/views/mailer/email_reset.erb
@@ -0,0 +1,7 @@
+<p> Hi <%= @user.handle %> </p>
+<p>
+  <%= t('.visit_link_instructions') %>
+  <br />
+  <%= link_to t('.confirmation_link'),
+    update_email_confirmations_url(@user, token: @user.confirmation_token.html_safe) %>
+</p>
diff --git a/config/locales/en.yml b/config/locales/en.yml
@@ -230,10 +230,12 @@ en:
 
   mailer:
     confirmation_subject: Please confirm your email address with rubygems.org
-    confirm_your_email: Please confirm your email.
+    confirm_your_email: Please confirm your email address with the link sent to you email.
     email_confirmation:
       welcome_message: Welcome to rubygems.org! Click the link below to verify your email.
       confirmation_link: Confirm email address
+    email_reset:
+      visit_link_instructions: You changed your email address on rubygems.org. Please visit the following url to re-activate your account.
 
   email_confirmations:
     update:

diff --git a/lib/confirmed_user_guard.rb b/lib/confirmed_user_guard.rb
@@ -8,6 +8,6 @@ def call
   end
 
   def user_unconfirmed?
-    signed_in? && !current_user.email_confirmed
+    signed_in? && current_user.unconfirmed?
   end
 end