diff options
| author | Christopher Speller <crspeller@gmail.com> | 2015-10-08 09:56:00 -0400 |
|---|---|---|
| committer | Christopher Speller <crspeller@gmail.com> | 2015-10-08 09:56:00 -0400 |
| commit | 7571d21f3200738199981c21b9466e0028d4fcbb (patch) | |
| tree | 0341429b34bb249e52092e4196b451167e2e324c | |
| parent | 2ebcb3f69dd9db52cdea476f0e543eaed3420efd (diff) | |
| parent | c84fe62ca199485dccefc37e00ca2bef45d47c6d (diff) | |
| download | chat-7571d21f3200738199981c21b9466e0028d4fcbb.tar.gz chat-7571d21f3200738199981c21b9466e0028d4fcbb.tar.bz2 chat-7571d21f3200738199981c21b9466e0028d4fcbb.zip | |
Merge pull request #931 from rgarmsen2295/plt-112
PLT-112 Improves email change verification process
| -rw-r--r-- | api/templates/email_change_body.html | 3 | ||||
| -rw-r--r-- | api/templates/email_change_subject.html | 2 | ||||
| -rw-r--r-- | api/templates/email_change_verify_body.html | 56 | ||||
| -rw-r--r-- | api/templates/email_change_verify_subject.html | 1 | ||||
| -rw-r--r-- | api/user.go | 32 | ||||
| -rw-r--r-- | utils/config.go | 1 | ||||
| -rw-r--r-- | web/react/components/user_settings/user_settings_general.jsx | 69 | ||||
| -rw-r--r-- | web/sass-files/sass/partials/_settings.scss | 1 | ||||
| -rw-r--r-- | web/web.go | 7 |
9 files changed, 157 insertions, 15 deletions
diff --git a/api/templates/email_change_body.html b/api/templates/email_change_body.html index ac3f0dd13..d4e6abd02 100644 --- a/api/templates/email_change_body.html +++ b/api/templates/email_change_body.html @@ -18,7 +18,7 @@ <tr> <td style="border-bottom: 1px solid #ddd; padding: 0 0 20px;"> <h2 style="font-weight: normal; margin-top: 10px;">You updated your email</h2> - <p>You updated your email for {{.Props.TeamDisplayName}} on {{ .Props.TeamURL }}<br> If this change wasn't initiated by you, please reply to this email and let us know.</p> + <p>You email address for {{.Props.TeamDisplayName}} has been changed to {{.Props.NewEmail}}.<br>If you did not make this change, please contact the system administrator.</p> </td> </tr> <tr> @@ -51,4 +51,3 @@ </table> {{end}} - diff --git a/api/templates/email_change_subject.html b/api/templates/email_change_subject.html index 5690b148a..962ae868e 100644 --- a/api/templates/email_change_subject.html +++ b/api/templates/email_change_subject.html @@ -1 +1 @@ -{{define "email_change_subject"}}You updated your email for {{.Props.TeamDisplayName}} on {{ .Props.Domain }}{{end}} +{{define "email_change_subject"}}[{{.ClientProps.SiteName}}] Your email address has changed for {{.Props.TeamDisplayName}}{{end}} diff --git a/api/templates/email_change_verify_body.html b/api/templates/email_change_verify_body.html new file mode 100644 index 000000000..356f2454c --- /dev/null +++ b/api/templates/email_change_verify_body.html @@ -0,0 +1,56 @@ +{{define "email_change_verify_body"}} + +<table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="margin-top: 20px; line-height: 1.7; color: #555;"> + <tr> + <td> + <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="max-width: 660px; font-family: Helvetica, Arial, sans-serif; font-size: 14px; background: #FFF;"> + <tr> + <td style="border: 1px solid #ddd;"> + <table align="center" border="0" cellpadding="0" cellspacing="0" width="100%" style="border-collapse: collapse;"> + <tr> + <td style="padding: 20px 20px 10px; text-align:left;"> + <img src="{{.Props.SiteURL}}/static/images/{{.ClientProps.SiteName}}-logodark.png" width="130px" style="opacity: 0.5" alt=""> + </td> + </tr> + <tr> + <td> + <table border="0" cellpadding="0" cellspacing="0" style="padding: 20px 50px 0; text-align: center; margin: 0 auto"> + <tr> + <td style="border-bottom: 1px solid #ddd; padding: 0 0 20px;"> + <h2 style="font-weight: normal; margin-top: 10px;">You updated your email</h2> + <p>To finish updating your email address for {{.Props.TeamDisplayName}}, please click the link below to confirm this is the right address.</p> + <p style="margin: 20px 0 15px"> + <a href="{{.Props.VerifyUrl}}" style="background: #2389D7; border-radius: 3px; color: #fff; border: none; outline: none; min-width: 200px; padding: 15px 25px; font-size: 14px; font-family: inherit; cursor: pointer; -webkit-appearance: none;text-decoration: none;">Verify Email</a> + </p> + </td> + </tr> + <tr> + <td style="color: #999; padding-top: 20px; line-height: 25px; font-size: 13px;"> + Any questions at all, mail us any time: <a href="mailto:{{.ClientProps.FeedbackEmail}}" style="text-decoration: none; color:#2389D7;">{{.ClientProps.FeedbackEmail}}</a>.<br> + Best wishes,<br> + The {{.ClientProps.SiteName}} Team<br> + </td> + </tr> + </table> + </td> + </tr> + <tr> + <td style="text-align: center;color: #AAA; font-size: 11px; padding-bottom: 10px;"> + <p style="margin: 25px 0;"> + <img width="65" src="{{.Props.SiteURL}}/static/images/circles.png" alt=""> + </p> + <p style="padding: 0 50px;"> + (c) 2015 SpinPunch, Inc. 855 El Camino Real, 13A-168, Palo Alto, CA, 94301.<br> + If you no longer wish to receive these emails, click on the following link: <a href="mailto:{{.ClientProps.FeedbackEmail}}?subject=Unsubscribe&body=Unsubscribe" style="text-decoration: none; color:#2389D7;">Unsubscribe</a> + </p> + </td> + </tr> + </table> + </td> + </tr> + </table> + </td> + </tr> +</table> + +{{end}} diff --git a/api/templates/email_change_verify_subject.html b/api/templates/email_change_verify_subject.html new file mode 100644 index 000000000..5e2ac1452 --- /dev/null +++ b/api/templates/email_change_verify_subject.html @@ -0,0 +1 @@ +{{define "email_change_verify_subject"}}[{{.ClientProps.SiteName}}] Verify new email address for {{.Props.TeamDisplayName}}{{end}} diff --git a/api/user.go b/api/user.go index 78f8768a4..34cbec151 100644 --- a/api/user.go +++ b/api/user.go @@ -887,7 +887,11 @@ func updateUser(c *Context, w http.ResponseWriter, r *http.Request) { l4g.Error(tresult.Err.Message) } else { team := tresult.Data.(*model.Team) - fireAndForgetEmailChangeEmail(rusers[1].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) + fireAndForgetEmailChangeEmail(rusers[1].Email, rusers[0].Email, team.DisplayName, c.GetTeamURLFromTeam(team), c.GetSiteURL()) + + if utils.Cfg.EmailSettings.RequireEmailVerification { + FireAndForgetEmailChangeVerifyEmail(rusers[0].Id, rusers[0].Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + } } } @@ -1328,7 +1332,7 @@ func fireAndForgetPasswordChangeEmail(email, teamDisplayName, teamURL, siteURL, }() } -func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL string) { +func fireAndForgetEmailChangeEmail(oldEmail, newEmail, teamDisplayName, teamURL, siteURL string) { go func() { subjectPage := NewServerTemplatePage("email_change_subject") @@ -1338,14 +1342,34 @@ func fireAndForgetEmailChangeEmail(email, teamDisplayName, teamURL, siteURL stri bodyPage.Props["SiteURL"] = siteURL bodyPage.Props["TeamDisplayName"] = teamDisplayName bodyPage.Props["TeamURL"] = teamURL + bodyPage.Props["NewEmail"] = newEmail - if err := utils.SendMail(email, subjectPage.Render(), bodyPage.Render()); err != nil { - l4g.Error("Failed to send update password email successfully err=%v", err) + if err := utils.SendMail(oldEmail, subjectPage.Render(), bodyPage.Render()); err != nil { + l4g.Error("Failed to send email change notification email successfully err=%v", err) } }() } +func FireAndForgetEmailChangeVerifyEmail(userId, newUserEmail, teamName, teamDisplayName, siteURL, teamURL string) { + go func() { + + link := fmt.Sprintf("%s/verify_email?uid=%s&hid=%s&teamname=%s&email=%s", siteURL, userId, model.HashPassword(userId), teamName, newUserEmail) + + subjectPage := NewServerTemplatePage("email_change_verify_subject") + subjectPage.Props["SiteURL"] = siteURL + subjectPage.Props["TeamDisplayName"] = teamDisplayName + bodyPage := NewServerTemplatePage("email_change_verify_body") + bodyPage.Props["SiteURL"] = siteURL + bodyPage.Props["TeamDisplayName"] = teamDisplayName + bodyPage.Props["VerifyUrl"] = link + + if err := utils.SendMail(newUserEmail, subjectPage.Render(), bodyPage.Render()); err != nil { + l4g.Error("Failed to send email change verification email successfully err=%v", err) + } + }() +} + func updateUserNotify(c *Context, w http.ResponseWriter, r *http.Request) { props := model.MapFromJson(r.Body) diff --git a/utils/config.go b/utils/config.go index 90e44259a..0eea6dd6a 100644 --- a/utils/config.go +++ b/utils/config.go @@ -191,6 +191,7 @@ func getClientProperties(c *model.Config) map[string]string { props["SendEmailNotifications"] = strconv.FormatBool(c.EmailSettings.SendEmailNotifications) props["EnableSignUpWithEmail"] = strconv.FormatBool(c.EmailSettings.EnableSignUpWithEmail) + props["RequireEmailVerification"] = strconv.FormatBool(c.EmailSettings.RequireEmailVerification) props["FeedbackEmail"] = c.EmailSettings.FeedbackEmail props["EnableSignUpWithGitLab"] = strconv.FormatBool(c.GitLabSettings.Enable) diff --git a/web/react/components/user_settings/user_settings_general.jsx b/web/react/components/user_settings/user_settings_general.jsx index c1d4c4ab5..c6c508ad7 100644 --- a/web/react/components/user_settings/user_settings_general.jsx +++ b/web/react/components/user_settings/user_settings_general.jsx @@ -2,6 +2,7 @@ // See License.txt for license information. var UserStore = require('../../stores/user_store.jsx'); +var ErrorStore = require('../../stores/error_store.jsx'); var SettingItemMin = require('../setting_item_min.jsx'); var SettingItemMax = require('../setting_item_max.jsx'); var SettingPicture = require('../setting_picture.jsx'); @@ -27,6 +28,7 @@ export default class UserSettingsGeneralTab extends React.Component { this.updateLastName = this.updateLastName.bind(this); this.updateNickname = this.updateNickname.bind(this); this.updateEmail = this.updateEmail.bind(this); + this.updateConfirmEmail = this.updateConfirmEmail.bind(this); this.updatePicture = this.updatePicture.bind(this); this.updateSection = this.updateSection.bind(this); @@ -96,6 +98,7 @@ export default class UserSettingsGeneralTab extends React.Component { var user = UserStore.getCurrentUser(); var email = this.state.email.trim().toLowerCase(); + var confirmEmail = this.state.confirmEmail.trim().toLowerCase(); if (user.email === email) { return; @@ -106,8 +109,12 @@ export default class UserSettingsGeneralTab extends React.Component { return; } - user.email = email; + if (email !== confirmEmail) { + this.setState({emailError: 'The new emails you entered do not match'}); + return; + } + user.email = email; this.submitUser(user); } submitUser(user) { @@ -115,6 +122,13 @@ export default class UserSettingsGeneralTab extends React.Component { function updateSuccess() { this.updateSection(''); AsyncClient.getMe(); + const verificationEnabled = global.window.config.SendEmailNotifications === 'true' && global.window.config.RequireEmailVerification === 'true'; + + if (verificationEnabled) { + ErrorStore.storeLastError({message: 'Check your email at ' + user.email + ' to verify the address.'}); + ErrorStore.emitChange(); + this.setState({emailChangeInProgress: true}); + } }.bind(this), function updateFailure(err) { var state = this.setupInitialState(this.props); @@ -177,6 +191,9 @@ export default class UserSettingsGeneralTab extends React.Component { updateEmail(e) { this.setState({email: e.target.value}); } + updateConfirmEmail(e) { + this.setState({confirmEmail: e.target.value}); + } updatePicture(e) { if (e.target.files && e.target.files[0]) { this.setState({picture: e.target.files[0]}); @@ -188,7 +205,8 @@ export default class UserSettingsGeneralTab extends React.Component { } } updateSection(section) { - this.setState(assign({}, this.setupInitialState(this.props), {clientError: '', serverError: '', emailError: ''})); + const emailChangeInProgress = this.state.emailChangeInProgress; + this.setState(assign({}, this.setupInitialState(this.props), {emailChangeInProgress: emailChangeInProgress, clientError: '', serverError: '', emailError: ''})); this.submitActive = false; this.props.updateSection(section); } @@ -208,9 +226,9 @@ export default class UserSettingsGeneralTab extends React.Component { } setupInitialState(props) { var user = props.user; - var emailEnabled = global.window.config.SendEmailNotifications === 'true'; + return {username: user.username, firstName: user.first_name, lastName: user.last_name, nickname: user.nickname, - email: user.email, picture: null, loadingPicture: false, emailEnabled: emailEnabled}; + email: user.email, confirmEmail: '', picture: null, loadingPicture: false, emailChangeInProgress: false}; } render() { var user = this.props.user; @@ -434,10 +452,19 @@ export default class UserSettingsGeneralTab extends React.Component { } var emailSection; if (this.props.activeSection === 'email') { - let helpText = <div>Email is used for notifications, and requires verification if changed.</div>; + const emailEnabled = global.window.config.SendEmailNotifications === 'true'; + const emailVerificationEnabled = global.window.config.RequireEmailVerification === 'true'; + let helpText = 'Email is used for notifications, and requires verification if changed.'; - if (!this.state.emailEnabled) { + if (!emailEnabled) { helpText = <div className='setting-list__hint text-danger'>{'Email has been disabled by your system administrator. No notification emails will be sent until it is enabled.'}</div>; + } else if (!emailVerificationEnabled) { + helpText = 'Email is used for notifications.'; + } else if (this.state.emailChangeInProgress) { + const newEmail = UserStore.getCurrentUser().email; + if (newEmail) { + helpText = 'A verification email was sent to ' + newEmail + '.'; + } } inputs.push( @@ -453,6 +480,22 @@ export default class UserSettingsGeneralTab extends React.Component { /> </div> </div> + </div> + ); + + inputs.push( + <div key='confirmEmailSetting'> + <div className='form-group'> + <label className='col-sm-5 control-label'>{'Confirm Email'}</label> + <div className='col-sm-7'> + <input + className='form-control' + type='text' + onChange={this.updateConfirmEmail} + value={this.state.confirmEmail} + /> + </div> + </div> {helpText} </div> ); @@ -471,10 +514,22 @@ export default class UserSettingsGeneralTab extends React.Component { /> ); } else { + let describe = ''; + if (this.state.emailChangeInProgress) { + const newEmail = UserStore.getCurrentUser().email; + if (newEmail) { + describe = 'New Address: ' + newEmail + '\nCheck your email to verify the above address.'; + } else { + describe = 'Check your email to verify your new address'; + } + } else { + describe = UserStore.getCurrentUser().email; + } + emailSection = ( <SettingItemMin title='Email' - describe={UserStore.getCurrentUser().email} + describe={describe} updateSection={function updateEmailSection() { this.updateSection('email'); }.bind(this)} diff --git a/web/sass-files/sass/partials/_settings.scss b/web/sass-files/sass/partials/_settings.scss index 9369cc097..8debb0b4e 100644 --- a/web/sass-files/sass/partials/_settings.scss +++ b/web/sass-files/sass/partials/_settings.scss @@ -132,6 +132,7 @@ .section-describe { @include opacity(0.7); + white-space:pre; } .divider-dark { diff --git a/web/web.go b/web/web.go index b87636187..87c96659d 100644 --- a/web/web.go +++ b/web/web.go @@ -414,7 +414,12 @@ func verifyEmail(c *api.Context, w http.ResponseWriter, r *http.Request) { return } else { user := result.Data.(*model.User) - api.FireAndForgetVerifyEmail(user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + + if user.LastActivityAt > 0 { + api.FireAndForgetEmailChangeVerifyEmail(user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + } else { + api.FireAndForgetVerifyEmail(user.Id, user.Email, team.Name, team.DisplayName, c.GetSiteURL(), c.GetTeamURLFromTeam(team)) + } newAddress := strings.Replace(r.URL.String(), "&resend=true", "&resend_success=true", -1) http.Redirect(w, r, newAddress, http.StatusFound) |