paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-14 19:06:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

user_settings: Revoke previous email changes on new one.

Browse Source
This commit is contained in:
Alex Vandiver
2023-11-28 17:25:06 +00:00
committed by Tim Abbott
parent f7990ad175
commit 037eaa07e2
3 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
zerver/actions/user_settings.py
View File

@@ -7,6 +7,7 @@ from django.db.models import F
from django.utils.timezone import now as timezone_now from django.utils.timezone import now as timezone_now
from confirmation.models import Confirmation, create_confirmation_link from confirmation.models import Confirmation, create_confirmation_link
from confirmation.settings import STATUS_REVOKED
from zerver.actions.presence import do_update_user_presence from zerver.actions.presence import do_update_user_presence
from zerver.lib.avatar import avatar_url from zerver.lib.avatar import avatar_url
from zerver.lib.cache import ( from zerver.lib.cache import (
@@ -155,6 +156,11 @@ def do_start_email_change_process(user_profile: UserProfile, new_email: str) ->
realm=user_profile.realm, realm=user_profile.realm,
) )
# Deactivate existing email change requests
EmailChangeStatus.objects.filter(realm=user_profile.realm, user_profile=user_profile).exclude(
id=obj.id,
).update(status=STATUS_REVOKED)
activation_url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE) activation_url = create_confirmation_link(obj, Confirmation.EMAIL_CHANGE)
from zerver.context_processors import common_context from zerver.context_processors import common_context

19
zerver/tests/test_email_change.py
View File

@@ -131,6 +131,25 @@ class EmailChangeTestCase(ZulipTestCase):
response = self.client_get(activation_url) response = self.client_get(activation_url)
self.assertEqual(response.status_code, 404) self.assertEqual(response.status_code, 404)
def test_change_email_revokes(self) -> None:
user_profile = self.example_user("hamlet")
self.login_user(user_profile)
old_email = user_profile.delivery_email
first_email = "hamlet-newer@zulip.com"
first_url = self.generate_email_change_link(first_email)
second_email = "hamlet-newest@zulip.com"
second_url = self.generate_email_change_link(second_email)
response = self.client_get(first_url)
self.assertEqual(response.status_code, 404)
user_profile.refresh_from_db()
self.assertEqual(user_profile.delivery_email, old_email)
response = self.client_get(second_url)
self.assertEqual(response.status_code, 200)
user_profile.refresh_from_db()
self.assertEqual(user_profile.delivery_email, second_email)
def test_change_email_deactivated_user_realm(self) -> None: def test_change_email_deactivated_user_realm(self) -> None:
new_email = "hamlet-new@zulip.com" new_email = "hamlet-new@zulip.com"
user_profile = self.example_user("hamlet") user_profile = self.example_user("hamlet")

8
zerver/views/user_settings.py
View File

@@ -80,6 +80,14 @@ def confirm_email_change(request: HttpRequest, confirmation_key: str) -> HttpRes
id=email_change_object.user_profile_id id=email_change_object.user_profile_id
) )
if user_profile.delivery_email != old_email:
# This is not expected to be possible, since we deactivate
# any previous email changes when we create a new one, but
# double-check.
return render_confirmation_key_error(
request, ConfirmationKeyError(ConfirmationKeyError.EXPIRED)
) # nocoverage
if user_profile.realm.deactivated: if user_profile.realm.deactivated:
return redirect_to_deactivation_notice() return redirect_to_deactivation_notice()