Allow to change primary email before account activation (#29412)

2025-06-22 22:18:02 +02:00 · 2024-02-27 18:55:13 +08:00
parent 6ed74a3fc7
commit 6bdfc84e6c
7 changed files with 91 additions and 43 deletions
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@ -646,7 +646,7 @@ func sendActivateEmail(ctx *context.Context, u *user_model.User) {
 	mailer.SendActivateAccountMail(ctx.Locale, u)

 	activeCodeLives := timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale)
-	msgHTML := ctx.Locale.Tr("auth.confirmation_mail_sent_prompt", u.Email, activeCodeLives)
+	msgHTML := ctx.Locale.Tr("auth.confirmation_mail_sent_prompt_ex", u.Email, activeCodeLives)
 	renderActivationPromptMessage(ctx, msgHTML)
 }

@ -656,6 +656,10 @@ func renderActivationVerifyPassword(ctx *context.Context, code string) {
 	ctx.HTML(http.StatusOK, TplActivate)
 }

+func renderActivationChangeEmail(ctx *context.Context) {
+	ctx.HTML(http.StatusOK, TplActivate)
+}
+
 // Activate render activate user page
 func Activate(ctx *context.Context) {
 	code := ctx.FormString("code")
@ -674,7 +678,7 @@ func Activate(ctx *context.Context) {
 			return
 		}

-		// Resend confirmation email.
+		// Resend confirmation email. FIXME: ideally this should be in a POST request
 		sendActivateEmail(ctx, ctx.Doer)
 		return
 	}
@ -698,7 +702,28 @@ func Activate(ctx *context.Context) {
 // ActivatePost handles account activation with password check
 func ActivatePost(ctx *context.Context) {
 	code := ctx.FormString("code")
-	if code == "" || (ctx.Doer != nil && ctx.Doer.IsActive) {
+	if ctx.Doer != nil && ctx.Doer.IsActive {
+		ctx.Redirect(setting.AppSubURL + "/user/activate") // it will redirect again to the correct page
+		return
+	}
+
+	if code == "" {
+		newEmail := strings.TrimSpace(ctx.FormString("change_email"))
+		if ctx.Doer != nil && newEmail != "" && !strings.EqualFold(ctx.Doer.Email, newEmail) {
+			if user_model.ValidateEmail(newEmail) != nil {
+				ctx.Flash.Error(ctx.Locale.Tr("form.email_invalid"), true)
+				renderActivationChangeEmail(ctx)
+				return
+			}
+			err := user_model.ChangeInactivePrimaryEmail(ctx, ctx.Doer.ID, ctx.Doer.Email, newEmail)
+			if err != nil {
+				ctx.Flash.Error(ctx.Locale.Tr("admin.emails.not_updated", newEmail), true)
+				renderActivationChangeEmail(ctx)
+				return
+			}
+			ctx.Doer.Email = newEmail
+		}
+		// FIXME: at the moment, GET request handles the "send confirmation email" action. But the old code does this redirect and then send a confirmation email.
 		ctx.Redirect(setting.AppSubURL + "/user/activate")
 		return
 	}
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@ -92,9 +92,9 @@ func EmailPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsAccount"] = true

-	// Make emailaddress primary.
+	// Make email address primary.
 	if ctx.FormString("_method") == "PRIMARY" {
-		if err := user_model.MakeEmailPrimary(ctx, &user_model.EmailAddress{ID: ctx.FormInt64("id")}); err != nil {
+		if err := user_model.MakeActiveEmailPrimary(ctx, ctx.FormInt64("id")); err != nil {
 			ctx.ServerError("MakeEmailPrimary", err)
 			return
 		}